Charting the Course... Certified Secure Web Application Engineer (CSWAE) Course Summary
Course Summary

Description

Web applications are increasingly sophisticated, and as such they are critical to almost all major online businesses. As more applications are web-enabled, the number of web application security issues will increase: traditional local-system vulnerabilities, such as directory traversal, overflows and race conditions, are opened up to new vectors of attack. Responsibility for the security of sensitive systems will rest increasingly with the web developer, rather than with the vendor or system administrator. As with most security issues involving client/server communications, web application vulnerabilities generally stem from improper handling of client requests and/or a lack of input validation on the part of the developer. The mile2 training teaches students to detect security issues in web applications and to identify vulnerabilities and risks.

The internet is one of the most dangerous places to do business today. Every day, organizations and governments fall victim to internet-based attacks. In many cases these attacks could be easily thwarted, but hackers, organized criminal gangs and foreign agents are able to exploit weaknesses in web applications and architecture. The secure web programmer knows how to identify, mitigate and defend against such attacks by designing and building systems that are resistant to failure. The secure web application developer knows how to develop web applications that are not subject to common vulnerabilities, and how to test and validate that their applications are secure, reliable and resistant to attack.

The Secure Web Application Engineer course provides the developer with a thorough and broad understanding of secure application concepts, principles and standards. The developer will be able to design, develop and test web applications that provide reliable web services, meet functional business requirements and satisfy compliance and assurance needs.
Objectives

Upon completion of the CSWAE course, students will be able to confidently undertake the CSWAE certification examination (recommended). Students will enjoy an in-depth course that is continuously updated to incorporate the ever-changing web application and secure-code technologies. The course offers up-to-date proprietary laboratories that have been researched and developed by leading security professionals from around the world.

Topics

Software Security Explained
Risk Management
Secure Architecture Design
Recent Attacks and the OWASP Top 10
Threat Modeling
Software Security Vulnerabilities
Other Vulnerabilities
Overview of Secure Coding Principles
Detailed Examination of Secure Coding Principles
Secure Software Development Lifecycle
PCI Data Security Standard
Security Web 2.0
Other Key Items
Selling Security to Management
Web Application Penetration Testing

Prerequisites

A minimum of 12 months' experience in networking technologies
Sound knowledge of TCP/IP
Knowledge of Microsoft packages
Network+, Microsoft, Security+
Basic knowledge of Linux is essential

Duration

Four days
Course Outline

I. Software Security Explained
B. What is Software Security? C. Security Terms D. Attack Vectors E. Threats F. Why Change? G. Consumer Expectations H. Business Responsibility I. Consumer Expectations J. Business Responsibility K. Response? L. Why Care About Security? M. What is Software Security? N. Software Security Methodology O. Software Security P. Why is Software Security so Tough? Q. The Rise of Insecure Software R. Connectivity S. Extensibility T. Complexity U. So what is the problem? V. Challenges With Security W. What can we do about it? X. Layered Defense Y. Secure Coding Fundamentals Z. Software Security Methodology AA. Process Overview BB. What We Can Do About It? CC. Roles and Responsibilities DD. Developer's Role

II. Risk Management
B. Risk Management C. Why ERM Is Important D. Important Terms E. The Importance of Risk Management F. NIST G. When Should it Start H. Risk Management in the SDLC I. Requirements Phase Tasks J. Design Phase Tasks K. Implementation Phase Tasks L. Integrate / Release Phase Tasks M. Risk Management Process N. Know The Business O. Identify Risks P. Identify Assets and Value Q. Risk Analysis R. Identify Threats and Risks S. Determine Impacts T. Impact vs. Cost to Mitigate U. Classify Risks V. Develop Mitigation Plan W. Implement X. Validating Fixes Y. Reporting Your Findings Z. Keys for Success AA. BB. Review

III. Secure Architecture Design
B. Secure Architecture Design C. Architecture and Design D. Enterprise Security Architecture E. Enterprise Architecture F. Security Architecture Multi-layer G. SAL Focus on Standardization H. Design for Security I. Architectural Design J. Protection K. What to Consider During Design L. Design Guidelines M. Design It Secure N. The Economics of Software O. Forces In Software P. Design Considerations Q. Secure Product Development Timeline R. Secure By Design S. Design Considerations T. The SD3 Framework U. Understanding the Environment V. Use of Encryption W. Security in Layers X. Buy vs. Build Y. Secure your data Z. Filters AA. Things to Remember BB. Review

IV. Recent Attacks and the OWASP Top 10
A. OWASP Guides B. Common Vulnerabilities C. Cross Site Scripting D. XSS Example E. Cross Site Scripting F. Cross Site Scripting Attacks G. XSS Example H. Cross Site Request Forgery I. Link Injection to Facilitate Cross Site Request Forgery J. Injection Flaws K. SQL Injection and Injection Flaws L. Bobby Tables M. SQL Injection Example in .NET N. E-Commerce Web Site O. E-Commerce Login P. Demonstration Q. SQL Injection R. SQL Injection Buggy Code S. SQL Injection Countermeasures T. Command Injection U. SQL Injection V. Why SQL Injection? W. Blind SQL Injection X. SQL Connection Properties Y. SQL Injection: Enumeration Z. SQL Extended Stored Procedures AA. Shutting Down SQL Server BB. Business Impacts of SQL Injection CC. Finding and Fixing SQL Injection DD. Unvalidated Input EE. Unvalidated Input Illustrated FF. Business Impacts of Unvalidated Input GG. Finding and Fixing Unvalidated Input HH. Common Vulnerabilities II. Buffer Overflow JJ. Buffer Overflow Illustrated KK. Business Impacts of Buffer Overflows LL. Finding and Fixing Buffer Overflows MM. Improper Error Handling NN. Improper Error Handling Illustrated OO. Business Impacts of Improper Error Handling PP. Finding and Fixing Improper Error Handling QQ. Session Hijacking RR. Session Management SS. Common Vulnerabilities TT. Session Hijacking UU. Broken Access Control VV. Broken Account and Session Management WW. Broken Authentication and Session Mgmt XX. Broken Authentication Illustrated YY. Business Impacts of Broken Authentication ZZ. Finding and Fixing Broken Authentication AAA. Broken Access Control BBB. Broken Access Control Illustrated CCC. Where Does Access Control Typically Occur? DDD. Business Impacts of Broken Access Control EEE. Finding and Fixing Broken Access Control FFF. Insecure Storage GGG. Insecure Storage Illustrated HHH. Business Impacts of Insecure Storage III. Finding and Fixing Insecure Storage JJJ. Application Denial of Service KKK. Application DoS Illustrated LLL. Business Impacts of Application DoS MMM. Finding and Fixing Application DoS NNN. Insecure Configuration Management OOO. Insecure Configuration Illustrated PPP. Business Impacts of Insecure Configuration QQQ. Finding and Fixing Insecure Configuration RRR. Attacks SSS. Man-in-the-Middle TTT. Attacks UUU. Information Integrity VVV. Insufficient Anti-Automation WWW. XML Poisoning XXX. Malicious Code Execution YYY. Malicious Code Execution Example ZZZ. RSS Atom Injection AAAA. WSDL Scanning and Enumeration BBBB. Client-side Validation in AJAX Routines CCCC. Web Service Routing Issues DDDD. Parameter Manipulation With SOAP EEEE. XPath Injection SOAP Message FFFF. RIA Client Binary Manipulation GGGG. Information Leakage HHHH. Web 2.0 Information Leakage IIII. Application Denial of Service JJJJ. Application Denial of Service Remediation KKKK. Application Level DoS LLLL. Real-World Test MMMM. Hacktics Results NNNN. Directory Traversal OOOO. Directory Listing PPPP. Insecure Software is Everywhere QQQQ. Security Focus RRRR. SecurityFocus (Demo) SSSS. ISS (Demo) TTTT. Review
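The "SQL Injection Buggy Code", "SQL Injection Countermeasures" and "Bobby Tables" items of module IV, worked through as an added example that is not part of the course material. The course shows its example in .NET; this one is Python against a constructed in-memory sqlite3 users table, with the two login functions, the sample users and the payload strings all assumed for illustration. It puts the vulnerable string-concatenated query beside the parameterized fix and runs the classic comment-out and tautology payloads against both.

```python
import sqlite3


def make_db():
    """Constructed sample data for the demo: an in-memory users table.
    Passwords are stored in plaintext only to keep the example short;
    a real application stores a salted hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct-horse"), ("bob", "battery-staple")],
    )
    conn.commit()
    return conn


def rendered_query(username, password):
    """The SQL text the vulnerable function actually sends: untrusted input
    is spliced into the statement, so it becomes part of the syntax."""
    return ("SELECT username FROM users WHERE username = '" + username
            + "' AND password = '" + password + "'")


def login_vulnerable(conn, username, password):
    """Buggy pattern (hypothetical login check): string concatenation."""
    row = conn.execute(rendered_query(username, password)).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """Countermeasure: a fixed statement with bound parameters. The driver
    passes the values separately, so they can never alter the query's syntax."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


# Classic payloads (constructed). sqlite3's execute() refuses stacked statements,
# so the "Bobby Tables" DROP TABLE payload is only rendered, not executed; the
# comment-out and tautology payloads run against any SQL dialect.
PAYLOAD_COMMENT = "alice' --"          # closes the string, comments out the password check
PAYLOAD_TAUTOLOGY = "' OR '1'='1' --"  # WHERE clause is true for every row
PAYLOAD_BOBBY = "Robert'; DROP TABLE users; --"   # adapted to this query's shape


if __name__ == "__main__":
    db = make_db()
    print("rendered Bobby Tables query:", rendered_query(PAYLOAD_BOBBY, "x"))
    print("vulnerable, no password:", login_vulnerable(db, PAYLOAD_COMMENT, "wrong"))
    print("vulnerable, tautology:  ", login_vulnerable(db, PAYLOAD_TAUTOLOGY, "x"))
    print("fixed, no password:     ", login_parameterized(db, PAYLOAD_COMMENT, "wrong"))
    print("fixed, tautology:       ", login_parameterized(db, PAYLOAD_TAUTOLOGY, "x"))
    print("fixed, real credentials:", login_parameterized(db, "alice", "correct-horse"))
```

Against the vulnerable function the comment payload logs in as alice without a password and the tautology payload returns the first row of the table; against the parameterized function both are simply usernames that do not exist. Input validation (an allow-list on the username) is worth adding as a second layer, but parameterization is the control that removes the bug.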
V. Threat Modeling
B. Threat Modeling Overview C. The Process D. Identify Security Objectives E. Application Review F. Application Diagram G. Application Decomposition H. Identify Threats I. Threat Modeling J. Harmonized Threat and Risk Assessment Methodology K. Framework for the Harmonized TRA Methodology L. Example: Threat Graph M. Example: Threat Tree N. Threat Methodologies (STRIDE) O. Spoofing Identity P. Tampering With Data Q. Repudiation R. Information Disclosure S. Denial of Service T. Elevation of Privilege U. Rank the Threats (DREAD) V. How to Respond to Threats W. Mitigating Threats X. Review

VI. Software Security Vulnerabilities
A. Introduction B. Application Test Script Detected C. Cacheable SSL Page D. Cacheable SSL Page Remediation E. Database Error Pattern Found F. Database Error Message Found G. Direct Access to Administration Pages H. Address Pattern Found I. HTML Comments Contain Sensitive Information J. Internal IP Address Disclosure K. Missing Secure Attribute in Encrypted Sessions L. Possible Server Path Disclosure M. Query Parameter Found in SSL Request N. Query Parameter Found in SSL Request O. Unencrypted Login Request P. Cross Site Scripting Q. XSS Example R. Phishing S. Phishing Web 2.0 Example T. Injection Flaws U. Cross Site Scripting V. Cross Site Scripting Attacks W. XSS Example X. SQL Injection and Injection Flaws Y. Bobby Tables Z. SQL Injection Example in .NET AA. E-Commerce Web Site BB. E-Commerce Login CC. SQL Injection DD. Demonstration EE. SQL Injection Buggy Code FF. SQL Injection Countermeasures GG. Cross Site Request Forgery HH. Web-Based II. Cross Site Request Forgery JJ. Directory Traversal

VII. Other Vulnerabilities
A. Introduction B. HTTP Response Splitting C. Application Input Restrictions Bypass D. Hidden Directory Detected E. Microsoft ASP Debugging Enabled F. Sensitive Files Found G. Unencrypted View H. Where to Learn More I. Phishing J. Phishing Web 2.0 Example K. Sensitive Data Leakage (CWE-0) L. Information Leakage M. Web 2.0 Information Leakage N. Information Integrity O. Insufficient Anti-Automation P. XML Poisoning Q. Malicious Code Execution R. RSS Atom Injection S. WSDL Scanning and Enumeration T. Client-side Validation in AJAX Routines U. Web Service Routing Issues V. Parameter Manipulation with SOAP W. XPath Injection SOAP Message X. RIA Client Binary Manipulation Y. Two Types of Vulnerabilities Z. Activity Monitoring and Data Retrieval AA. Unauthorized Dialing, SMS, and Payments BB. Unauthorized Network Connectivity (exfiltration or command & control) CC. UI Impersonation DD. System Modification (rootkit, APN, proxy config) EE. Logic or Time Bomb (CWE-) FF. Hardcoded Password/Keys (CWE-) GG. Summary
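Several module VI items are scanner findings rather than coding bugs: Cacheable SSL Page, Internal IP Address Disclosure, Missing Secure Attribute in Encrypted Sessions, Query Parameter Found in SSL Request and Unencrypted Login Request. The detection logic behind them, as an added Python example that is not from the course or from any particular scanner: the rules are simplified assumptions about how such findings are raised (a cacheable SSL page is an HTTPS response without Cache-Control: no-store; an unencrypted login is a password field served over plain HTTP; an internal IP is any RFC 1918 address in headers or body), and the three sample exchanges are constructed.

```python
import re
from urllib.parse import urlsplit

# RFC 1918 private ranges; one of these in a response is an internal address leak.
_INTERNAL_IP = re.compile(
    r"\b(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3}"
    r"|192\.168\.\d{1,3}\.\d{1,3}"
    r"|172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3})\b"
)
# A password input in an HTML form.
_PASSWORD_FIELD = re.compile(r"""type\s*=\s*["']?password""", re.IGNORECASE)


def _cookie_attrs(set_cookie_value):
    """Lower-cased attribute names following the name=value pair of a Set-Cookie header."""
    return {p.strip().split("=", 1)[0].lower()
            for p in set_cookie_value.split(";")[1:] if p.strip()}


def audit_exchange(url, headers, body):
    """Return the set of finding names for one request/response pair.

    headers is a list of (name, value) pairs because Set-Cookie may repeat.
    Assumed rules (simplified): see the lead-in above.
    """
    findings = set()
    parts = urlsplit(url)
    over_tls = parts.scheme.lower() == "https"

    by_name = {}
    for name, value in headers:
        by_name.setdefault(name.lower(), []).append(value)

    if over_tls:
        # Query strings end up in proxy, server and browser history logs.
        if parts.query:
            findings.add("Query Parameter Found in SSL Request")
        # Without no-store, a browser or shared cache may keep the page on disk.
        cache = ";".join(by_name.get("cache-control", [])).lower()
        if "no-store" not in cache:
            findings.add("Cacheable SSL Page")
        # A session cookie set over TLS without Secure is sent over plain HTTP too.
        for cookie in by_name.get("set-cookie", []):
            if "secure" not in _cookie_attrs(cookie):
                findings.add("Missing Secure Attribute in Encrypted Sessions")
    elif _PASSWORD_FIELD.search(body):
        # A login form delivered over HTTP submits the credential in cleartext.
        findings.add("Unencrypted Login Request")

    header_text = "\n".join(value for _, value in headers)
    if _INTERNAL_IP.search(header_text) or _INTERNAL_IP.search(body):
        findings.add("Internal IP Address Disclosure")
    return findings


# Constructed sample exchanges (not captured from any real site).
SAMPLE_BAD = (
    "https://shop.example/account?user=alice",
    [("Content-Type", "text/html"),
     ("Cache-Control", "public, max-age=600"),
     ("Set-Cookie", "JSESSIONID=abc123; Path=/; HttpOnly"),
     ("X-Backend", "10.0.4.17")],
    "<html><body>Welcome back</body></html>",
)
SAMPLE_GOOD = (
    "https://shop.example/account",
    [("Content-Type", "text/html"),
     ("Cache-Control", "no-store, no-cache"),
     ("Set-Cookie", "JSESSIONID=abc123; Path=/; Secure; HttpOnly")],
    "<html><body>Welcome back</body></html>",
)
SAMPLE_PLAIN_LOGIN = (
    "http://shop.example/login",
    [("Content-Type", "text/html")],
    '<form action="/login" method="post"><input type="password" name="pw"></form>',
)


if __name__ == "__main__":
    for label, sample in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD),
                          ("plain login", SAMPLE_PLAIN_LOGIN)):
        print(label, sorted(audit_exchange(*sample)))
```

The remediation for each finding is visible in the good sample: no query string on the TLS request, Cache-Control: no-store, the Secure attribute on the session cookie, no internal address in the headers, and the login form served only over HTTPS.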
VIII. Overview of Secure Coding Principles
A. The Principles of Secure Development B. Principle #1 Input Validation C. Possible Places to do Validation D. Principle #3 Improper Error Handling E. Principle #4 Authentication and Authorization F. Principle #5 Session Hijacking G. Principle #6 Secure Communications

IX. Detailed Examination of Secure Coding Principles
B. Data Validation C. Defending the Attack D. Error and Exception Handling E. Logging and Auditing F. Authentication G. Web Authentication Methods H. Basic and Digest Authentication I. Form Based Authentication J. Certificate Based Authentication K. Strong Authentication L. Authorization M. Review

X. Secure Software Development Lifecycle
B. Secure SDLC Overview C. S-SDLC Overview D. A Secure Process E. Manager's Point of View F. Developer's Point of View G. Phases of The Development Lifecycle H. Project Initiation/Concept I. Requirements Gathering J. Integration Through Risk Management K. Principles L. Process M. Risk Assessment N. Testing Methodologies O. Integrating Testing in the Dev Lifecycle P. Architecture and Design Q. Implementing Defense In-depth R. Traceability Matrix S. Things to Consider T. Development U. Testing V. Unit Test W. Testing X. Implementation and Deployment Y. Maintenance Z. Review

XI. PCI Data Security Standard
A. Payment Card Industry B. PCI DSS Overview C. PCI Overview D. PCI Requirement 6 E. Requirement 6.1 F. Requirement 6.2 G. Requirement 6.3 H. Requirement 6.4 I. Requirement 6.5 J. Requirement 6.6 K. Discussion L. Summary M. Security Audit Procedures N. Compensating Controls O. Summary

XII. Security Web 2.0
A. Introduction B. What is Web 2.0 and who uses it? C. Classic Web vs. Ajax D. Synchronous vs. Asynchronous E. Web 2.0 Target Application Layout F. Web 2.0 Security Vulnerabilities G. Web 2.0 Usability H. Web 2.0 and No SSL I. Web 2.0 and Remember Me J. Web 2.0 and Social Engineering K. Overpowered APIs and Duplicated Code L. Outsourcing M. Web 2.0 and Cutting Edge Technology N. Web 2.0 and Trust O. Web 2.0 Security Vulnerabilities P. Systems Susceptible to Attacks Q. Insufficient Authentication Controls

XIII. Other Key Items
B. Other Items - Integrated Systems C. ISO D. Organizational Standard Processes E. The CMMI Approach F. International Standards: SSE-CMM G. Integrated Systems H. What is a DMZ? I. Classic Security Model J. DNS K. Middleware Defined L. Integrated Systems Fundamental Requirements M. What to Require N. How do you select the correct security product? O. The Software Market P. The Market is Changing! Q. The Future

XIV. Selling Security to Management
A. Security is Challenging B. Software Security is A Different World C. Root Causes of Application Insecurity D. Targeting the Root Causes E. What to Recommend F. Key Enhancements G. Advanced Enhancements H. Application Security I. Capacity Scorecard J. Compliance & Security K. Integrated Requirements L. Recommended Training M. Review

XV. Web Application Penetration Testing
B. Secure Code Review C. Web Application Penetration Testing Overview D. Quick Poll E. Benefits of a Penetration Test F. Article and Example of WAPT G. Current Problems in WAPT H. Learning Attack Methods I. Developer's Point of View J. Progression of The Professional Hacker K. What Information is Gathered by the Hacker? L. Methods of Obtaining Information M. Physical Access N. Social Access O. Social Engineering Techniques P. Digital Access Q. Passive vs. Active Reconnaissance R. Footprinting Defined S. Footprinting Tool: KartOO Website T. Footprinting Tools U. Google and Query Operators V. Instructor Demonstration W. SPUD: Google API Utility Tool X. Instructor Demonstration Y. Online Social Websites Z. Identity Theft and MySpace AA. Instant Messengers and Chats BB. Blogs, Forums & Newsgroups CC. Internet Archive: DD. The WayBack Machine EE. Domain Name Registration FF. WHOIS GG. WHOIS Output HH. Instructor Demonstration II. DNS Databases JJ. Using Nslookup KK. Dig for Unix / Linux LL. People Search Engines MM. Client Reputation NN. Web Server Info Tool: Netcraft OO. Countermeasure: Domainsbyproxy.com PP. Footprinting Countermeasures QQ. Introduction to Port Scanning RR. Popular Port Scanning Tools SS. Port Scan Tips TT. Most Popular: BackTrack UU. Expected Results VV. Method: Ping WW. Stealth Online Ping XX. NMAP: Preferred Scanning Tool YY. Which Services use Which Ports? ZZ. OS Fingerprinting AAA. Countermeasures: Scanning BBB. Enumeration Overview CCC. Web Server Banners DDD. Practice: Banner Grabbing with Telnet EEE. SuperScan 4 Tool: Banner Grabbing FFF. Sc GGG. SMTP Server Banner HHH. DNS Enumeration III. Web Application Penetration Methodologies JJJ. HTTrack Tool: Copying the Website Offline KKK. Httprint Tool: Web Server Software ID LLL. Instructor Demonstration MMM. The Anatomy of a Web Application Attack NNN. The Anatomy of a Web Application Attack OOO. Web Attack Techniques PPP. Cracking Techniques QQQ. Password Guessing RRR. Brute Force Tools SSS. Precomputation Detail TTT. Cain and Abel's Cracking Methods UUU. Free Rainbow Tables VVV. Password Sniffing WWW. Changes In Software Development XXX. Reality Check YYY. Changes Required From Security Testers ZZZ. Types of Penetration Testing AAAA. Penetration Testing Methodologies BBBB. Firefox: The Script Kiddie's Dream CCCC. Assessment Tool: Stealth HTTP Scanner DDDD. Acunetix Web Scanner EEEE. Wikto Web Assessment Tool FFFF. Instructor Demonstration GGGG. Tool: Paros Proxy HHHH. Instructor Demonstration IIII. Tool: Burp Proxy JJJJ. Fuzzers KKKK. Nessus LLLL. Nessus Report MMMM. SAINT Sample Report NNNN. Hacking Tool: Metasploit OOOO. Direct Attacks Against a Database PPPP. Attacking Database Servers QQQQ. Obtaining Sensitive Information RRRR. Hacking Tool: SQL Ping2 SSSS. Hacking Tool: osql.exe TTTT. Hacking Tool: Query Analyzers UUUU. Hacking Tool: SQLExec VVVV. Oracle Security Expert WWWW. Hardening Databases XXXX. On the Horizon YYYY. Website Reviews ZZZZ. Review
More informationACS / Computer Security And Privacy. Fall 2018 Mid-Term Review
ACS-3921-001/4921-001 Computer Security And Privacy Fall 2018 Mid-Term Review ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been adopted and/or modified
More information90% of data breaches are caused by software vulnerabilities.
90% of data breaches are caused by software vulnerabilities. Get the skills you need to build secure software applications Secure Software Development (SSD) www.ce.ucf.edu/ssd Offered in partnership with
More informationOWASP TOP Release. Andy Willingham June 12, 2018 OWASP Cincinnati
OWASP TOP 10 2017 Release Andy Willingham June 12, 2018 OWASP Cincinnati Agenda A quick history lesson The Top 10(s) Web Mobile Privacy Protective Controls Why have a Top 10? Software runs the world (infrastructure,
More informationPrinciples of ICT Systems and Data Security
Principles of ICT Systems and Data Security Ethical Hacking Ethical Hacking What is ethical hacking? Ethical Hacking It is a process where a computer security expert, who specialises in penetration testing
More informationWeb Application Vulnerabilities: OWASP Top 10 Revisited
Pattern Recognition and Applications Lab Web Application Vulnerabilities: OWASP Top 10 Revisited Igino Corona igino.corona AT diee.unica.it Computer Security April 5th, 2018 Department of Electrical and
More informationSecurity Testing White Paper
Security Testing White Paper Table of Contents 1. Introduction... 3 2. Need for Security Testing... 4 3. Security Testing Framework... 5 3.1 THREAT ANALYSIS... 6 3.1.1 Application Overview... 8 3.1.2 System
More informationSection 6: Triangles Part 1
Section 6: Triangles Part 1 Topic 1: Introduction to Triangles Part 1... 125 Topic 2: Introduction to Triangles Part 2... 127 Topic 3: rea and Perimeter in the Coordinate Plane Part 1... 130 Topic 4: rea
More informationSolutions Business Manager Web Application Security Assessment
White Paper Solutions Business Manager Solutions Business Manager 11.3.1 Web Application Security Assessment Table of Contents Micro Focus Takes Security Seriously... 1 Solutions Business Manager Security
More informationC and C++ Secure Coding 4-day course. Syllabus
C and C++ Secure Coding 4-day course Syllabus C and C++ Secure Coding 4-Day Course Course description Secure Programming is the last line of defense against attacks targeted toward our systems. This course
More informationC EHP Certified Ethical Hacking Professional
C EHP Certified Ethical Hacking Professional I N D I A N C Y B E R S E C U R I T Y S O L U T I O N S Indian Cyber Security Solutions had been working with the organizations and government agencies. With
More informationHacker Attacks on the Horizon: Web 2.0 Attack Vectors
IBM Software Group Hacker Attacks on the Horizon: Web 2.0 Attack Vectors Danny Allan Director, Security Research dallan@us.ibm.com 2/21/2008 Agenda HISTORY Web Eras & Trends SECURITY Web 2.0 Attack Vectors
More informationWeb Applications Penetration Testing
Web Applications Penetration Testing Team Members: Rahul Motwani (2016ME10675) Akshat Khare (2016CS10315) ftarth Chopra (2016TT10829) Supervisor: Prof. Ranjan Bose Before proceeding further, we would like
More informationINNOV-09 How to Keep Hackers Out of your Web Application
INNOV-09 How to Keep Hackers Out of your Web Application Michael Solomon, CISSP PMP CISM Solomon Consulting Inc. www.solomonconsulting.com What is a Web Application? Any access to your data via the Internet
More informationAudience. Pre-Requisites
T R A N C H U L A S W O R K S H O P S A N D T R A I N I N G S Hands-On Penetration Testing Training Course About Tranchulas Tranchulas is a multinational information security company having its offices
More informationTRAINING CURRICULUM 2017 Q2
TRAINING CURRICULUM 2017 Q2 Index 3 Why Security Compass? 4 Discover Role Based Training 6 SSP Suites 7 CSSLP Training 8 Course Catalogue 14 What Can We Do For You? Why Security Compass? Role-Based Training
More information716 West Ave Austin, TX USA
Fundamentals of Computer and Internet Fraud GLOBAL Headquarters the gregor building 716 West Ave Austin, TX 78701-2727 USA TABLE OF CONTENTS I. INTRODUCTION What Is Computer Crime?... 2 Computer Fraud
More informationCEH v8 - Certified Ethical Hacker. Course Outline. CEH v8 - Certified Ethical Hacker. 15 Jan
Course Outline CEH v8 - Certified Ethical Hacker 15 Jan 2019 Contents 1. Course Objective 2. Pre-Assessment 3. Exercises, Quizzes, Flashcards & Glossary Number of Questions 4. Expert Instructor-Led Training
More informationF5 Big-IP Application Security Manager v11
F5 F5 Big-IP Application Security Manager v11 Code: ACBE F5-ASM Days: 4 Course Description: This four-day course gives networking professionals a functional understanding of the BIG- IP LTM v11 system
More informationCIS 700/002 : Special Topics : OWASP ZED (ZAP)
CIS 700/002 : Special Topics : OWASP ZED (ZAP) Hitali Sheth CIS 700/002: Security of EMBS/CPS/IoT Department of Computer and Information Science School of Engineering and Applied Science University of
More informationA Model for Penetration Testing
A Model for Penetration Testing Chuck Easttom Collin College Professional Development chuck@chuckeasttom.com Research Gate Publication Abstract Penetration testing is an increasingly integral part of cyber
More information"Charting the Course... Certified Professional Ethical Hacker. Course Summary
Course Summary Description The course is the introductory training to mile2 s line of penetration testing courses and certifications. The course training helps students gain a valuable skill-set in penetration
More informationWeb Applications Part 1 The Weak Link in Information Security Your Last Line of Defense
Web Applications Part 1 The Weak Link in Information Security Your Last Line of Defense Anthony Lim MBA FCITIL CISSP CSSLP Director, Security Rational Software - Asia Pacific 1 Hong Kong 17 Nov 2009 Welcome
More informationDIS10.1 Ethical Hacking and Countermeasures
DIS10.1 Ethical Hacking and Countermeasures ABOUT DIS Why choose Us. Data and internet security council is the worlds top most information security certification body. Our uniquely designed course for
More informationWeb Application Security. Philippe Bogaerts
Web Application Security Philippe Bogaerts OWASP TOP 10 3 Aim of the OWASP Top 10 educate developers, designers, architects and organizations about the consequences of the most common web application security
More informationOWASP Top 10 Risks. Many thanks to Dave Wichers & OWASP
OWASP Top 10 Risks Dean.Bushmiller@ExpandingSecurity.com Many thanks to Dave Wichers & OWASP My Mom I got on the email and did a google on my boy My boy works in this Internet thing He makes cyber cafes
More informationBuilding Security Into Applications
Building Security Into Applications Cincinnati Chapter Meetings Marco Morana Chapter Lead Blue Ash, July 30 th 2008 Copyright 2008 The Foundation Permission is granted to copy, distribute and/or modify
More informationCertified Professional Ethical Hacker
Certified Professional Ethical Hacker C)PEH; 5 days, Instructor-led Course Benefits The Certified Professional Ethical Hacker vendor neutral certification course is the foundational training to line of
More informationWeb Security, Summer Term 2012
IIG University of Freiburg Web Security, Summer Term 2012 Web Application: Testing Security Dr. E. Benoist Sommer Semester Web Security, Summer Term 2012 10) Web Application: Testing Security 1 Table of
More informationTable of Contents Computer Based Training - Security Awareness - General Staff AWA 007 AWA 008 AWA 009 AWA 010 AWA 012 AWA 013 AWA 014 AWA 015
Table of Contents Computer Based Training - Security Awareness - General Staff AWA 007 - Information Privacy and Security Awareness for Executives (Duration: 45 minutes)...1 AWA 008 - Information Privacy
More informationPractice Labs Ethical Hacker
Practice Labs Ethical Hacker Lab Outline The Ethical Hacker Practice Lab will provide you with the necessary platform to gain hands on skills in security. By completing the lab tasks you will improve your
More informationCopyright
1 SECURITY TEST Data flow -- Can you establish an audit trail for data, what goes where, is data in transit protected, and who has access to it? Data storage -- Where is data stored, and is it encrypted?
More informationManaged Application Security trends and best practices in application security
Managed Application Security trends and best practices in application security Adrian Locusteanu, B2B Delivery Director, Telekom Romania adrian.locusteanu@telekom.ro About Me Adrian Locusteanu is the B2B
More informationProvide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any
OWASP Top 10 Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any tester can (and should) do security testing
More informationPresentation Overview
Presentation Overview Basic Application Security (AppSec) Fundamentals Risks Associated With Vulnerable Applications Understanding the Software Attack Surface Mean Time to Fix (MTTF) Explained Application
More informationScanning. Introduction to Hacking. Networking Concepts. Windows Hacking. Linux Hacking. Virus and Worms. Foot Printing.
I Introduction to Hacking Important Terminology Ethical Hacking vs. Hacking Effects of Hacking on Business Why Ethical Hacking Is Necessary Skills of an Ethical Hacker What Is Penetration Testing? Networking
More informationApplication Security through a Hacker s Eyes James Walden Northern Kentucky University
Application Security through a Hacker s Eyes James Walden Northern Kentucky University waldenj@nku.edu Why Do Hackers Target Web Apps? Attack Surface A system s attack surface consists of all of the ways
More informationCOMPUTER NETWORK SECURITY
COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (1 st Week) Outline Course Information and Policies Course Syllabus 1. Overview Course Information Instructor: Prof. Dr. Hasan H. BALIK, balik@yildiz.edu.tr,
More informationHacking by Numbers OWASP. The OWASP Foundation
Hacking by Numbers OWASP Tom Brennan WhiteHat Security Inc. tom.brennan@whitehatsec.com 973-506-9303 skype: jinxpuppy Copyright The OWASP Foundation Permission is granted to copy, distribute and/or modify
More informationSpecialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com
Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE s3security.com Security Professional Services S3 offers security services through its Security Professional Services (SPS) group, the security-consulting
More informationStrategic Infrastructure Security
Strategic Infrastructure Security Course Number: SCPSIS Length: Certification Exam There are no exams currently associated with this course. Course Overview This course picks up right where Tactical Perimeter
More informationApplication. Security. on line training. Academy. by Appsec Labs
Application Security on line training Academy by Appsec Labs APPSEC LABS ACADEMY APPLICATION SECURITY & SECURE CODING ON LINE TRAINING PROGRAM AppSec Labs is an expert application security company serving
More informationHacking 102 Integrating Web Application Security Testing into Development
Hacking 102 Integrating Web Application Security Testing into Development Greg Pedley - gpedley@au1.ibm.com Brett Wallace - bretwal@au1.ibm.com Denice Wong deniwong@au1.ibm.com An IBM Proof of Technology
More information