A website, for my beloved teacher

Today is the 4th day since my teacher passed away. Every night I dream of the unforgettable moments in primary school. He was a good teacher.

I want to dedicate the website www.chanboonheng.com to him. Everyone is welcome to write a poem or article for him. I hope all his students, friends and teachers will always remember him. Whenever you think of him, you can visit the website and leave him a message.





Hack In The Box Training

For some reason, I can’t attend Hack In The Box Tech Training I – Web Application – Attack and Defence. I am selling my seat ticket to anyone who is interested, at the price of RM1800.

For those who are interested, please contact me at 012 454 6360 or email to paul [at] takizo.com

What will Web Application – Attack and Defence cover?

Introduction to web applications
1. Components of a web application
2. Basics of web technologies and protocol information
3. Evolution of technologies and impact on security
4. Understanding other basic web security-related concepts
5. Learning tools like netcat, achilles etc. to understand their usage and application. (Hands on for the group)

Web Hacking – Areas of attack

Various attacks will be covered in detail with demonstration followed by hands on exercises. Following is a brief list of attacks.

1. Cross-site scripting attacks
2. SQL Query Injection
3. Session Hijacking
4. Buffer Overflows
5. Java Decompilation
6. HTTP brute forcing
7. Trojan Horses and Malware products
8. Form Manipulation, Query Poisoning
9. Input Validation, Parameter Tampering
10. Authentication
11. Information leakage
12. File operations
13. Client-side manipulations
14. Cryptography
15. Error/Exception handling

Attack and Defense strategies
1. Impact of attacks
2. Risk analysis
3. Countermeasures
4. Defense strategies and methods

Assessment Methodology and Defending Applications
1. Footprinting and Discovery
2. Reconnaissance – Profiling a web application
3. Black-box and White-box testing
4. Exploiting vulnerabilities
5. Defending applications
6. Secure coding strategies

Web Services Assessment
1. Footprinting
2. Discovery
3. Technology Identification
4. Attack vector for web services
5. Defense methods
6. Toolkit – wsChess (http://www.net-square.com/wschess): play around and learn more from the author of the toolkit.

Hands-on: The training programme will end with an “assessment challenge” – a live Web Application. Working with time constraints, participants are expected to analyze the application, identify and exploit loopholes and apply all defense strategies learnt, to secure the application.

For more information, check our Hack In The Box website

What does a Web Application sell?

I was reading news on the China Press website and accidentally bumped into an Ah Long (loan shark) banner. We have a very popular online banking company named Maybank2u, and now I think online loan sharks will be popular in the future.

So what is the next application I want to invent? I think it is an online Ah Long application. What does the application do? Heh! It must have a lot of functions. Let me brainstorm some, and give me more ideas.

Centralized Blacklist Database
There will be a central blacklist database to store people who borrow money from Ah Long A, B, C. It’s like our current banking system: if you are blacklisted in our system, the loan shark will not lend you the money, or will still lend, but with more interest, or more things to deposit. Then I will charge Ah Long A, B, C who want to grab blacklisted people. Initially, I can also offer the blacklisted names to banks, so they will loan out money for car/house.

Application Processing
There will be a system whereby borrowers stand in front of the camera, have their picture captured, scan their thumbs, and get registered as a MEMBER :P. So Ah Long can keep track of how much they borrow, and next time when they want to borrow, they just scan their thumb. If they don’t return the money, their picture will be published on the website to blacklist them.

Cash Flow Analysis
When all the data is inside the database, we can analyse all the cash flow: how much the potential rate can earn, how much money has been thrown out, which month has the most people borrowing. And the interest rate can auto float based on the cash flow 😀

There will be hunter membership as well. What do hunters do? Hunters are the people who go to get money back from borrowers. What they need to do is log in to the system and check who is the person they need to find, which is assigned by the system. There will be commission tracking of how much they get, and the more money they get back, the higher commission they get, so it motivates them to annoy the borrower into returning the money.

Ah-Long unit trust
There will be an investment link for investors to invest into the cash pool, while we have the best system to analyse the risk and control the cash flow. Investors can actually log in to the system and check their potential investment return.

Referral program
When borrowers want to earn some side income, they can do member-get-member commission: introduce their friends and get some commission, and the more levels they have, the higher the potential income they will get.

Reward Program
The system can track the members/borrowers who return the money on time and reward them with gifts like a lower interest rate, a free lunch voucher, or accumulated points to exchange for a bicycle, Plasma TV, etc.

SMS Alert/Reminder
The SMS system can send out the latest interest rate and also remind the borrower to return the money as soon as possible. Besides that, Ah Long can do SMS advertisements 😛

Besides the application, there are some other parts that will benefit me.

More server co-location business. Why server co-lo? Better security.

Security Protection Fees
When everything comes online, there must be good security to protect the data, so I can charge them security fees.

Application Update/Patch
When there is an update/patch of the application, I can charge them application upgrade fees.

So, potential business right? 😛 Just a joke!