For some reason, I can’t attend Hack In The Box Tech Training I – Web Application – Attack and Defence. I am selling my seat ticket to anyone who is interested at the price of RM1800.

For those who are interested, please contact me at 012 454 6360 or email to paul [at] takizo.com

What will Web Application – Attack and Defence cover?

Introduction to web applications
1. Components of a web application
2. Basics of web technologies and protocol information
3. Evolution of technologies and impact on security
4. Understanding other basic web security-related concepts
5. Learning tools like netcat, achilles etc. to understand their usage and application (hands-on for the group)

Web Hacking – Areas of attack

Various attacks will be covered in detail with demonstrations followed by hands-on exercises. The following is a brief list of attacks.

1. Cross-site scripting attacks
2. SQL Query Injection
3. Session Hijacking
4. Buffer Overflows
5. Java Decompilation
6. HTTP brute forcing
7. Trojan Horses and Malware products
8. Form Manipulation, Query Poisoning
9. Input Validation, Parameter Tampering
10. Authentication
11. Information leakage
12. File operations
13. Client-side manipulations
14. Cryptography
15. Error/Exception handling

Attack and Defense strategies
1. Impact of attacks
2. Risk analysis
3. Countermeasures
4. Defense strategies and methods

Assessment Methodology and Defending Applications
1. Footprinting and Discovery
2. Reconnaissance – Profiling a web application
3. Black-box and White-box testing
4. Exploiting vulnerabilities
5. Defending applications
6. Secure coding strategies

Web Services Assessment
1. Footprinting
2. Discovery
3. Technology Identification
4. Attack vector for web services
5. Defense methods
6. Toolkit – wsChess (http://www.net-square.com/wschess): play around with it and learn more from the author of the toolkit.

Hands-on: The training programme will end with an “assessment challenge” – a live web application. Working under time constraints, participants are expected to analyze the application, identify and exploit loopholes, and apply all the defense strategies learnt to secure the application.

For more information, check the Hack In The Box website.

What Web Application Sells?

I was reading the news on the China Press website and accidentally bumped into an Ah Long (loan shark) banner.. We have a very popular online banking service named Maybank2u, and now I think online loan sharks will be popular in the future.

So what is the next application I want to invent? I think it is an online Ah Long application. What does the application do.. heh! It must have a lot of functions.. Let me brainstorm some.. and give me more ideas..

Centralized Blacklist Database
There will be a central blacklist database to store people who borrow money from Ah Long A, B, C. It’s like our current banking system: if you are blacklisted in our system, the loan shark will not lend you the money, or will still lend, but at more interest, or with more to deposit. Then I will charge Ah Long A, B, C who want to grab blacklisted people; initially, I can also offer the blacklisted names to banks, so they will loan out money for cars/houses.

Application Processing
There will be a system whereby the borrower stands in front of the camera, has their picture captured and their thumb scanned, and is registered as a MEMBER :P. So the Ah Long can keep track of how much they borrow, and next time when they want to borrow, they just scan their thumb. If they don’t return the money, their picture will be published on the website to blacklist them.

Cash Flow Analysis
When all the data is inside the database, we can analyse all the cash flow: how much is the potential rate we can earn, how much money has been thrown out, and which month has the highest number of borrowers, and the interest rate can auto-float based on the cash flow 😀

There will be hunter membership as well. What does a hunter do? Hunters are the people who go to get the money back from borrowers. What they need to do is log in to the system and check which person they need to find, as assigned by the system. There will be commission tracking for how much they get back, and the more money they get back, the higher the commission they get, so it motivates them to annoy the borrower into returning the money.

Ah-Long unit trust
There will be an investment link for investors to invest into the cash pool, while we have the best system to analyse the risk and control the cash flow. Investors can actually log in to the system and check their investment return potential.

Referral program
While borrowers want to earn some side income, they can do member-get-member commission: introduce their friends and get some commission, and the more levels they have, the higher the potential income they will get.

Reward Program
The system can track the members/borrowers who return the money on time and reward them with gifts like a lower interest rate, a free lunch voucher, or accumulated points to exchange for a bicycle, Plasma TV, etc..

SMS Alert/Reminder
The SMS system can send out the latest interest rate and also remind the borrower to return the money as soon as possible. Besides that, the Ah Long can do SMS advertisements 😛

Besides the application, there are some other parts that will benefit me.

More server co-location business. Why server co-lo? Better security.

Security Protection Fees
When everything comes online, there must be good security to protect the data, so we can charge them security fees.

Application Update/Patch
When there is some update/patch of the application, we can charge them some application upgrade fees.

So, potential business, right? 😛 Just a joke!

Life – Why bad things happen to good people…

I was very shocked, and also very sad.. very, very sad to read the news in the newspaper. Why him? Why did this tragedy happen to him? How could it happen!!!

曾文珩老师 – He was my primary school – Keat Hwa (H) – basketball team coach; I was selected by him as a primary school player. He was a good coach who led and motivated our team. I was very shocked; I couldn’t believe it when I saw it in the China Press newspaper 5 minutes ago with the headline “A teacher fall down and dead” and the picture was him. It’s very sad… He was also my dad’s secondary school classmate..

Why do bad things happen to good people? Why do bad things happen to a good teacher? Sometimes we can’t blame anybody; the tragedy has already happened, and we have to accept it. It’s luck, life…

May god bless his family… 🙁

China Press
The Star

Bad Performance

We didn’t have time for the sound check session, my tuner wasn’t functioning, the guitars and bass were tuned by my ear… The sound system was very bad, the sound balance was totally out. But overall, it’s still nice for me to perform again 🙂

The Marshall amp was not working; I like Marshall more than PV.

About to roll the first song

Nice shot with the drummer

Backing vocalist – Joe

I think our band’s (lead) singer is VERY AGGRESSIVE 😛

Petrol vs Eggs?

I think the person who wrote this is a lil bit childish..

A man eats two eggs each morning for breakfast. When he goes to the grocery store he pays 60 cents a dozen. Since a dozen eggs won’t last a week, he normally buys two dozen at a time.
One day while buying eggs he notices that the price has risen to 72 cents. The next time he buys groceries, eggs are 76 cents a dozen.

When asked to explain the price of eggs the store owner says, “The price has gone up and I have to raise my price accordingly”.
This store buys 100 dozen eggs a day. He checked around for a better price and all the distributors have raised their prices.
The distributors have begun to buy from the huge egg farms. The small egg farms have been driven out of business. The huge egg farms sell 100,000 dozen eggs a day to distributors. With no competition, they can set the price as they see fit. The distributors then have to raise their prices to the grocery stores. And on and on and on.

As the man kept buying eggs the price kept going up. He saw the big egg trucks delivering 100 dozen eggs each day. Nothing changed there. He checked out the huge egg farms and found they were selling 100,000 dozen eggs to the distributors daily. Nothing had changed but the price of eggs.

Then the week before Thanksgiving the price of eggs shot up to $1.00 a dozen. Again he asked the grocery owner why and was told, “Cakes and baking for the holiday”. The huge egg farmers know there will be a lot of baking going on and more eggs will be used. Hence, the price of eggs goes up. Expect the same thing at Christmas and other times when family cooking, baking, etc. happen.

This pattern continues until the price of eggs is $2.00 a dozen. The man says, “There must be something we can do about the price of eggs”.

He starts talking to all the people in his town and they decide to stop buying eggs. This didn’t work because everyone needed eggs.

Finally, the man suggested only buying what you need. He ate 2 eggs a day. On the way home from work he would stop at the grocery and buy two eggs. Everyone in town started buying 2 or 3 eggs a day.

The grocery store owner began complaining that he had too many eggs in his cooler. He told the distributor that he didn’t need any eggs. Maybe wouldn’t need any all week.

The distributor had eggs piling up at his warehouse. He told the huge egg farms that he didn’t have any room for eggs and would not need any for at least two weeks.

At the egg farm, the chickens just kept on laying eggs. To relieve the pressure, the huge egg farm told the distributor that they could buy the eggs at a lower price.

The distributor said, “I don’t have the room for the %$&^*&% eggs even if they were free”. The distributor told the grocery store owner that he would lower the price of the eggs if the store would start buying again.

The grocery store owner said, “I don’t have room for more eggs. The customers are only buying 2 or 3 eggs at a time. Now if you were to drop the price of eggs back down to the original price, the customers would start buying by the dozen again”.

The distributors sent that proposal to the huge egg farmers, but the egg farmers liked the price they were getting for their eggs; those chickens, however, just kept on laying. Finally, the egg farmers lowered the price of their eggs. But only by a few cents.

The customers still bought 2 or 3 eggs at a time. They said, “When the price of eggs gets down to where it was before, we will start buying by the dozen.”

Slowly the price of eggs started dropping. The distributors had to slash their prices to make room for the eggs coming from the egg farmers.

The egg farmers cut their prices because the distributors wouldn’t buy at a higher price than they were selling eggs for. Anyway, they had full warehouses and wouldn’t need eggs for quite a while.

And those chickens kept on laying.

Eventually, the egg farmers cut their prices because they were throwing away eggs they couldn’t sell.

The distributors started buying again because the eggs were priced to where the stores could afford to sell them at the lower price.

And the customers started buying by the dozen again.

Now, transpose this analogy to the gasoline industry.

What if everyone only bought $10.00 worth of gas each time they pulled up to the pump? The dealers’ tanks would stay semi-full all the time. The dealers wouldn’t have room for the gas coming from the huge tank farms. The tank farms wouldn’t have room for the gas coming from the refining plants. And the refining plants wouldn’t have room for the oil being offloaded from the huge tankers coming from the oil fields.

Just $10.00 each time you buy gas. Don’t fill it up. You may have to stop for gas twice a week but, the price should come

Think about it.

As an added note… When I buy $10.00 worth of gas, that leaves my tank a little under a quarter full. The way prices are jumping around, you can buy gas for $2.65 a gallon and then the next morning it can be $2.15. If you have your tank full of $2.65 gas you don’t have room for the $2.15 gas. You might not understand the economics of only buying two eggs at a time, but you can’t buy cheaper gas if your tank is full of the high-priced stuff.

Also, don’t buy anything else at the gas station; don’t give them any more of your hard-earned money than what you spend on gas, until the prices come down…”