CGG and TiE "Officially Supported" by Department of Communications and IT, Government of Andhra Pradesh along with E2labs, Asia's first Anti - Hacking Academy is jointly organizing a 5 days Advanced Program on "Learn - Breaking Down the Security of a Website, Web Application or Company for Real" from Monday, 22nd October to Friday, 26th October at CGG (Centre of Good Governance),Rd# 25,Jubilee Hills, Hyderabad.
E2 Labs: ADVANCED PROGRAM ON: THE SECURITY OF A WEBSITE
1. BY INTERNATIONAL TRAINERS
Chris Russo's Profile
Chris Russo has been working as an independent consultant for 5 years, reporting several
vulnerabilities in web applications and websites including the Large Hadron Collider, Adobe,
Microsoft, Plenty of fish, E-Harmony & Pirate bay before starting to work as Professional
Penetration Tester at Rapid7 Argentina during the last year. He also developed tools for automatic and
LEARN-BREAKING DOWN
progressive analysis of web applications as support during security audits. He currently heads his own
company in Buenos Aires, dedicated to provide corporate solutions in risk analysis, penetration testing
and security trainings.
Fernando Via's Profile THE SECURITY OF A WEBSITE, WEB APPLICATION
Fernando is an IR security consultant and developer with more than 5 years of experience in the field.
During the last years he has been working on Rapid7 as a professional security consultant. Additionally OR COMPANY FOR REAL !
Fernando has been working in the development of Open Source tools for web application security
automation and security improvements of web application frameworks. IN INDUSTRY , ONE QUESTION OFTEN ARISES : HOW DO I KNOW MY SYSTEM IS SECURE ?
Why this Course?
Security is about reducing the impact of unpredictable attacks to an organization.
The response to buggy, insecure software is generally doing nothing or installing a product that is a security
countermeasure for the vulnerability (for example, buying a database security solution) instead of fixing the SQL
injection vulnerability in the code itself.
Through lecture, Hands on Labs, Tools, Certification, Course Material and breakout discussion groups, you
will learn about current threat trends across the Internet and their impact on organizational security. You will also
review standard cyber security terminology and compliance requirements, examine sample exploits, and gain hands-
on experience mitigating controls. In a contained lab environment, you will work with XSS Flaws, Sea Surf (XSRF),
Session Fixation, Cookie Spoofing along with LFI & RFI Techniques.
Hack in the Box –Competition concludes the Program!
Who Should Attend?
• IT Managers • IT Security Specialists • Government Officials
• C.I.O • C.T.O • C.S.O
• Banking Officials • Corporate Sectors • Telecom Operators
• Law Enforcement Agencies • Vulnerability Assessor • IT Auditors
• Advocates & Judges • Computer Forensics Expert • Network Administrators
• Software Developer • Web Application Developers • Students
•
•
System Admin • Cyber Cells
Individuals and Enthusiasts interested in the course.
• Security auditors
Cyberspace is The Nervous System of
Bulk Discounts Available - 1 week Training Program
Infrastructure The Control System of a Nation
For (Corporate’s) Rs. 59,000/- (Government & Students) Rs. 49,000/- GOALS
For Corporate Bookings, please feel free to contact: This is the cyber security training course IT professionals have been looking for.”
Dr. Zaki Qureshey Soniya Office: +91-40 2355 4080 CGG & E2labs are Jointly Conducting highly innovative Hands on Web Application & Web Penetration Security
+91-90000 62062 +91-98851 60043 +91-924 656 4080 Course, which is geared to provide an actionable skill set that can be utilized to mitigate enterprise risk from day one.
"That's why it is crucial that every IT organization learns How to secure a Web-Site, Web-Application, classification &
Visit us : www.cgg.gov.in www.e2-labs.com identification of Vulnerabilities, attack methods and Solutions and by implementing enforceable security policies."
2. About CGG About E2Labs
The Centre for Good Governance (CGG) was established with a mandate from the Department of Administrative E2labs designs, develops & Delivers Information Security Training and Information Assurance Services that meet
Reform & Public Grievances, Government of India and the Government of Andhra Pradesh. CGG undertakes action Military, Government, Private Sector & Institutional Specifications. In doing so, E2labs have become the De-Facto
research, provides professional advice and conducts change management programs for government departments standard for Governments and Organizations Worldwide. Est. in 2003, E2labs is one of Top 100 Companies in Asia's
and agencies. Especially citizens for improvement in the policy, processes and functioning of government for better leading Information Security and also the 1st Anti hacking Academy in Asia.
services to the nation.
• Require • Google hacking
Advice • Require_once • References and examples
The course might be extended in order to cover more detailed techniques and/or additional topics if the • Move_uploaded_files
Trainees learning speed allow us. • Tools for Hackers
• fopen
• Offensive: • Hands On Session
TOPICS • Running malicious code on Server
• Running malicious code on Browser DAY 4: SEA SURF: XSRF FLAWS
DAY 1: A QUICK OVERVIEW • Error based SQLi
• Blind SQLi • How a web shell works • Differences in XSS and XSRF
• Usage of web apps
• Time based • Shell uploading
• Grow • When did I send that?
• OS commanding from SQL • C99
• HTTP and HTTPS • Offensive:
• Reading local files • Defensive
• Methods • Writing local files • Sending POST information
• Expressions
• Headers • Creating reverse connections • Google hacking • somewhere else
• Webservices • Evasion Techniques • References and examples • Using iframes
• Using chars • Tools for Hackers • Using source params
• Browser languages
• Spaces • Hands On Session • Advanced offensive Techniques
• MySQL and MSSQL • Google hacking • XSRF web worms
• Offensive analysis basics • References and examples DAY 3: XSS FLAWS • Defensive:
• The procedure • Tools for Hackers
• Hands On Session • What is XSS and how does it • Tokens
• Where the issues comes
affect the application? • Expressions
• Discover DAY 2: LFI TECHNIQUES • What is the DOM once again? • Check referrer
• What are the possible vulnerabilities • Taking control of the user's browser
• Seeking weakness in • Crossdomain.xml
and consequences? • Include • Small differences, big changes: • Doble password check
• A quick overview of the potential threats • Include_once • XSS • Google hacking
• Require • When XSS finds a SQL. • References and examples
DAY 1: ISSUES ON DB • Require_once • DOM based XSS
• Move_uploaded_files • Tools for Hackers
• What is SQL and how databases work? • Based on:
• Which information is stored in a database • fopen • Hands On Session
• XSS based on images
• Technologies and versions • Offensive:
• The CRUD • Information Disclosure
• XSS based on CSS DAY 5: SESSIONS AND COOKIES
• Insert data (Create) • XSS based on SVG • Session Fixation
• Gaining access from LFI
• Get existing data (Read) • Running code inside images • Offensive
• Cookie spoofing
• Modify existing data (Update) • Running code inside Apache logs • Your user is mine
• Delete data (Delete) • Unsafe webserver configuarations
• Running code inside sessions • Taking cookies and sessions
• Offensive • Banners
• Running code inside cookies • Use encoding
• The power of ' and “ • Directory Indexing
• Reading config files • Gaining access from XSS.
• The procedure • HTTP authentication
• Numeric and String based attacks • And more… • DOM redressing
• Google hacking • XSS and bundle packs for massive ownage. • Low HTTP methods restrictions
• Using order by
• Masking • References and examples • Advanced offensive Techniques • Common developers errors
• The chars • Tools for Hackers • Phishing • Backup files
• Reading information from the database • Hands On Session • Hidden HTML fields
• XSS Frameworks
• Password Grabbing • Seeking weakness
• Defensive • Information disclosure
• Grabbing MSSQL Server hashes • Include
• Inband • Include_once • Expressions • Hands On Session