E2 Labs: ADVANCED PROGRAM ON: THE SECURITY OF A WEBSITE
LEARN - BREAKING DOWN THE SECURITY OF A WEBSITE, WEB APPLICATION OR COMPANY FOR REAL!

IN INDUSTRY, ONE QUESTION OFTEN ARISES: HOW DO I KNOW MY SYSTEM IS SECURE?

BY INTERNATIONAL TRAINERS

    Chris Russo's Profile
Chris Russo has been working as an independent consultant for 5 years, reporting several vulnerabilities in
web applications and websites including the Large Hadron Collider, Adobe, Microsoft, Plenty of fish, E-Harmony
& Pirate bay, before starting to work as a Professional Penetration Tester at Rapid7 Argentina during the last
year. He also developed tools for automatic and progressive analysis of web applications as support during
security audits. He currently heads his own company in Buenos Aires, dedicated to providing corporate solutions
in risk analysis, penetration testing and security training.

    Fernando Via's Profile
Fernando is an IR security consultant and developer with more than 5 years of experience in the field. During
the last years he has been working at Rapid7 as a professional security consultant. Additionally, Fernando has
been working on the development of Open Source tools for web application security automation and on security
improvements of web application frameworks.
    Why this Course?
Security is about reducing the impact of unpredictable attacks on an organization.
The usual response to buggy, insecure software is to do nothing, or to install a product that acts as a
countermeasure for the vulnerability (for example, buying a database security solution) instead of fixing the
SQL injection vulnerability in the code itself.
Through lectures, hands-on labs, tools, certification, course material and breakout discussion groups, you
will learn about current threat trends across the Internet and their impact on organizational security. You
will also review standard cyber security terminology and compliance requirements, examine sample exploits, and
gain hands-on experience with mitigating controls. In a contained lab environment, you will work with XSS
flaws, Sea Surf (XSRF), Session Fixation and Cookie Spoofing, along with LFI & RFI techniques.

A Hack in the Box competition concludes the program!
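The SQL injection that the paragraph above says should be fixed "in the code itself", as an added example (Python with sqlite3; not code from the brochure or its trainers): the vulnerable string-built login query beside its parameterized replacement, driven with the kind of quote-based payloads the Day 1 outline refers to. The users table, its rows and the function names are constructed for the demo.

```python
# Added example, not from the E2 Labs brochure: a string-built SQL query
# (the bug) next to a parameterized query (the fix), exercised with the
# same injection payloads. Schema and rows are constructed for the demo.
import sqlite3


def make_db():
    """In-memory users table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "s3cret"), (2, "bob", "hunter2"), (3, "admin", "c0rrecthorse")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Builds the WHERE clause by concatenation, so user input becomes SQL.
    Returns the usernames the query matched."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]


def login_fixed(conn, username, password):
    """Same check with bound parameters: the driver treats the input as data,
    so quotes and comment markers inside it never change the query."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def demo():
    """Run both versions against a normal login and two classic payloads."""
    conn = make_db()
    # "The power of '": the quote closes the string literal and "-- " turns
    # the rest of the query (the password check) into a comment.
    comment_out = "admin'-- "
    # Tautology: OR '1'='1' makes the WHERE clause true for every row.
    tautology = "x' OR '1'='1"
    return {
        "normal_vuln": login_vulnerable(conn, "alice", "s3cret"),
        "normal_fixed": login_fixed(conn, "alice", "s3cret"),
        "comment_vuln": login_vulnerable(conn, comment_out, "whatever"),
        "comment_fixed": login_fixed(conn, comment_out, "whatever"),
        "tautology_vuln": sorted(login_vulnerable(conn, tautology, tautology)),
        "tautology_fixed": login_fixed(conn, tautology, tautology),
    }


if __name__ == "__main__":
    for name, matched in demo().items():
        print(f"{name:16} -> {matched}")
```

With the concatenated query the comment payload logs in as admin without a password and the tautology returns every user; the parameterized query returns nothing for both, because the payload is compared literally against the username column. The fix is in the application code, not in a product placed in front of the database.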
    Who Should Attend?
•   IT Managers                       • IT Security Specialists        • Government Officials
•   C.I.O                             • C.T.O                          • C.S.O
•   Banking Officials                 • Corporate Sectors              • Telecom Operators
•   Law Enforcement Agencies          • Vulnerability Assessors        • IT Auditors
•   Advocates & Judges                • Computer Forensics Experts     • Network Administrators
•   Software Developers               • Web Application Developers     • Students
•   System Admins                     • Cyber Cells                    • Security Auditors
•   Individuals and Enthusiasts interested in the course.

Cyberspace is the Nervous System of Infrastructure, the Control System of a Nation.

    GOALS
"This is the cyber security training course IT professionals have been looking for."
CGG & E2labs are jointly conducting a highly innovative hands-on Web Application & Web Penetration Security
Course, which is geared to provide an actionable skill set that can be utilized to mitigate enterprise risk
from day one.
"That's why it is crucial that every IT organization learns how to secure a Web-Site and Web-Application, the
classification & identification of vulnerabilities, attack methods and solutions, and how to implement
enforceable security policies."

Bulk Discounts Available - 1 week Training Program
For Corporates: Rs. 59,000/-    Government & Students: Rs. 49,000/-
    For Corporate Bookings, please feel free to contact:
Dr. Zaki Qureshey: +91-90000 62062
Soniya: +91-98851 60043
Office: +91-40 2355 4080, +91-924 656 4080
Visit us: www.cgg.gov.in    www.e2-labs.com
About CGG
The Centre for Good Governance (CGG) was established with a mandate from the Department of Administrative
Reform & Public Grievances, Government of India, and the Government of Andhra Pradesh. CGG undertakes action
research, provides professional advice and conducts change management programs for government departments
and agencies, and especially for citizens, for improvement in the policy, processes and functioning of
government, for better services to the nation.

About E2Labs
E2labs designs, develops & delivers Information Security Training and Information Assurance Services that meet
Military, Government, Private Sector & Institutional specifications. In doing so, E2labs has become the de facto
standard for Governments and Organizations worldwide. Established in 2003, E2labs is one of Asia's Top 100
leading Information Security companies and also the 1st Anti-hacking Academy in Asia.
Advice
The course might be extended to cover more detailed techniques and/or additional topics if the trainees'
learning speed allows.

TOPICS

DAY 1: A QUICK OVERVIEW
• Usage of web apps
• Grow
• HTTP and HTTPS
• Methods
• Headers
• Webservices
• Browser languages
• MySQL and MSSQL
• Offensive analysis basics
  • The procedure
  • Where the issues come from
  • Discover
• What are the possible vulnerabilities and consequences?
• A quick overview of the potential threats

DAY 1: ISSUES ON DB
• What is SQL and how do databases work?
• Which information is stored in a database
• Technologies and versions
• The CRUD
  • Insert data (Create)
  • Get existing data (Read)
  • Modify existing data (Update)
  • Delete data (Delete)
• Offensive
  • The power of ' and "
  • The procedure
  • Numeric and String based attacks
  • Using order by
  • Masking
  • The chars
  • Reading information from the database
  • Password Grabbing
  • Grabbing MSSQL Server hashes
  • Inband
  • Error based SQLi
  • Blind SQLi
  • Time based
  • OS commanding from SQL
  • Reading local files
  • Writing local files
  • Creating reverse connections
  • Evasion Techniques
    • Using chars
    • Spaces
• Google hacking
• References and examples
• Tools for Hackers
• Hands On Session

DAY 2: LFI TECHNIQUES
• Seeking weakness in
  • Include
  • Include_once
  • Require
  • Require_once
  • Move_uploaded_files
  • fopen
• Offensive:
  • Information Disclosure
  • Gaining access from LFI
  • Running code inside images
  • Running code inside Apache logs
  • Running code inside sessions
  • Running code inside cookies
  • Reading config files
  • And more…
• Google hacking
• References and examples
• Tools for Hackers
• Hands On Session

• Seeking weakness
  • Include
  • Include_once
  • Require
  • Require_once
  • Move_uploaded_files
  • fopen
• Offensive:
  • Running malicious code on Server
  • Running malicious code on Browser
  • How a web shell works
  • Shell uploading
  • C99
• Defensive
  • Expressions
• Google hacking
• References and examples
• Tools for Hackers
• Hands On Session

DAY 3: XSS FLAWS
• What is XSS and how does it affect the application?
• What is the DOM once again?
• Taking control of the user's browser
• Small differences, big changes:
  • XSS
  • When XSS finds a SQL.
  • DOM based XSS
• Based on:
  • XSS based on images
  • XSS based on CSS
  • XSS based on SVG
• Offensive
  • Your user is mine
  • Taking cookies and sessions
  • Use encoding
  • Gaining access from XSS.
  • DOM redressing
  • XSS and bundle packs for massive ownage.
  • Advanced offensive Techniques
  • Phishing
  • XSS Frameworks
• Defensive
  • Expressions
• Google hacking
• References and examples
• Tools for Hackers
• Hands On Session

DAY 4: SEA SURF: XSRF FLAWS
• Differences in XSS and XSRF
• When did I send that?
• Offensive:
  • Sending POST information somewhere else
  • Using iframes
  • Using source params
  • Advanced offensive Techniques
  • XSRF web worms
• Defensive:
  • Tokens
  • Expressions
  • Check referrer
  • Crossdomain.xml
  • Double password check
• Google hacking
• References and examples
• Tools for Hackers
• Hands On Session

DAY 5: SESSIONS AND COOKIES
• Session Fixation
• Cookie spoofing
• Unsafe webserver configurations
  • Banners
  • Directory Indexing
  • HTTP authentication
  • Low HTTP methods restrictions
• Common developers errors
  • Backup files
  • Hidden HTML fields
  • Information disclosure
• Hands On Session
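Two of the defences the outline lists without explaining, the anti-XSRF token from Day 4 and the session-fixation defence from Day 5, as one added example (Python; not code from the brochure or its trainers): a minimal server-side session store with a fixation-prone login beside the fixed one, and a state-changing handler that accepts a request only when the session cookie and a per-session token both match. The SessionStore class, the attacker/victim flow and the form fields are constructed for the demo; a real application would use its framework's session layer.

```python
# Added example, not from the E2 Labs brochure: session-ID regeneration at
# login (against session fixation) and a per-session anti-XSRF token.
# SessionStore and the demo flows below are constructed for illustration.
import hmac
import secrets


class SessionStore:
    def __init__(self):
        # session_id -> {"user": str or None, "csrf": str}
        self._sessions = {}

    def new_session(self):
        """Anonymous session, as created on a first visit."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None, "csrf": secrets.token_urlsafe(32)}
        return sid

    def login_fixation_prone(self, sid, user):
        """Bug: keeps whatever session ID the client presented. If an attacker
        planted that ID in the victim's browser beforehand, the attacker's
        copy of the same ID is now an authenticated session."""
        if sid not in self._sessions:
            sid = self.new_session()
        self._sessions[sid]["user"] = user
        return sid

    def login(self, sid, user):
        """Fix: drop the presented ID and issue a fresh one at the privilege
        change, so a pre-planted ID never becomes authenticated."""
        self._sessions.pop(sid, None)
        new_sid = self.new_session()
        self._sessions[new_sid]["user"] = user
        return new_sid

    def user_for(self, sid):
        s = self._sessions.get(sid)
        return s["user"] if s else None

    def csrf_token(self, sid):
        """Embedded in the site's own forms; a cross-site page cannot read it."""
        return self._sessions[sid]["csrf"]

    def handle_post(self, sid, form):
        """State-changing request: needs the session cookie AND the matching
        form token. A forged cross-site POST carries the cookie automatically
        but cannot supply the token, so it is refused here."""
        s = self._sessions.get(sid)
        if s is None or s["user"] is None:
            return "denied: not logged in"
        submitted = form.get("csrf_token", "")
        if not hmac.compare_digest(submitted.encode(), s["csrf"].encode()):
            return "denied: bad XSRF token"
        return f"ok: {s['user']} changed email to {form['email']}"


def fixation_demo(store, login_fn):
    """Attacker obtains a valid ID, plants it in the victim's browser, and the
    victim logs in with it. Returns (who the attacker's ID now maps to,
    who the victim's post-login ID maps to)."""
    attacker_sid = store.new_session()
    victim_sid = login_fn(attacker_sid, "victim")
    return store.user_for(attacker_sid), store.user_for(victim_sid)


def xsrf_demo(store):
    """A legitimate form submission with the token next to a forged POST
    from another origin that rides on the cookie alone."""
    sid = store.login(store.new_session(), "victim")
    token = store.csrf_token(sid)
    ok = store.handle_post(sid, {"csrf_token": token, "email": "me@example.com"})
    forged = store.handle_post(sid, {"email": "attacker@example.com"})
    return ok, forged


if __name__ == "__main__":
    s = SessionStore()
    print("fixation-prone login:", fixation_demo(s, s.login_fixation_prone))
    s = SessionStore()
    print("regenerating login:  ", fixation_demo(s, s.login))
    print("xsrf check:          ", xsrf_demo(SessionStore()))
```

With the fixation-prone login the attacker's pre-planted ID ends up mapped to the victim; with regeneration it maps to nothing. The token check is the primary XSRF control; the referrer check the outline also lists is a complementary, weaker check, since the Referer header may be absent or stripped, and should not replace the token.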

Más contenido relacionado

La actualidad más candente

The Need For Open Software Security Standards In A Mobile And Cloudy World
The Need For Open Software Security Standards In A Mobile And Cloudy WorldThe Need For Open Software Security Standards In A Mobile And Cloudy World
The Need For Open Software Security Standards In A Mobile And Cloudy World
Denim Group
 

La actualidad más candente (16)

Developing Secure Mobile Applications
Developing Secure Mobile ApplicationsDeveloping Secure Mobile Applications
Developing Secure Mobile Applications
 
Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2
 
The Need For Open Software Security Standards In A Mobile And Cloudy World
The Need For Open Software Security Standards In A Mobile And Cloudy WorldThe Need For Open Software Security Standards In A Mobile And Cloudy World
The Need For Open Software Security Standards In A Mobile And Cloudy World
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
 
Clear and present danger: Cyber Threats and Trends 2017
Clear and present danger: Cyber Threats and Trends 2017Clear and present danger: Cyber Threats and Trends 2017
Clear and present danger: Cyber Threats and Trends 2017
 
Mobile Browser Content Handling
Mobile Browser Content HandlingMobile Browser Content Handling
Mobile Browser Content Handling
 
Cyberskills shortage: Where is the cyber workforce of tomorrow
Cyberskills shortage:Where is the cyber workforce of tomorrowCyberskills shortage:Where is the cyber workforce of tomorrow
Cyberskills shortage: Where is the cyber workforce of tomorrow
 
Defending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityDefending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricality
 
Re-Thinking BYOD Policy.pptx
Re-Thinking BYOD Policy.pptxRe-Thinking BYOD Policy.pptx
Re-Thinking BYOD Policy.pptx
 
How is Your AppSec Program Doing Compared to Others
How is Your AppSec Program Doing Compared to OthersHow is Your AppSec Program Doing Compared to Others
How is Your AppSec Program Doing Compared to Others
 
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
 
Information Security: A mindset, not a product
Information Security: A mindset, not a productInformation Security: A mindset, not a product
Information Security: A mindset, not a product
 
An Introduction To IT Security And Privacy - Servers And More
An Introduction To IT Security And Privacy - Servers And MoreAn Introduction To IT Security And Privacy - Servers And More
An Introduction To IT Security And Privacy - Servers And More
 
Isa Chapters Cyber is Hard presentation v1.0
Isa Chapters Cyber  is Hard presentation v1.0Isa Chapters Cyber  is Hard presentation v1.0
Isa Chapters Cyber is Hard presentation v1.0
 
Is talent shortage ws marco morana
Is talent shortage ws marco moranaIs talent shortage ws marco morana
Is talent shortage ws marco morana
 
Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015
 

Similar a E2 Labs: ADVANCED PROGRAM ON: THE SECURITY OF A WEBSITE

Ciso executive forum 2013
Ciso executive forum 2013Ciso executive forum 2013
Ciso executive forum 2013
Bill Burns
 
Application Security Program Management with Vulnerability Manager
Application Security Program Management with Vulnerability ManagerApplication Security Program Management with Vulnerability Manager
Application Security Program Management with Vulnerability Manager
Denim Group
 
Succeeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalSucceeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps final
rkadayam
 

Similar a E2 Labs: ADVANCED PROGRAM ON: THE SECURITY OF A WEBSITE (20)

Benchmarking Web Application Scanners for YOUR Organization
Benchmarking Web Application Scanners for YOUR OrganizationBenchmarking Web Application Scanners for YOUR Organization
Benchmarking Web Application Scanners for YOUR Organization
 
Ciso executive forum 2013
Ciso executive forum 2013Ciso executive forum 2013
Ciso executive forum 2013
 
Application Security Program Management with Vulnerability Manager
Application Security Program Management with Vulnerability ManagerApplication Security Program Management with Vulnerability Manager
Application Security Program Management with Vulnerability Manager
 
110307 cloud security requirements gourley
110307 cloud security requirements gourley110307 cloud security requirements gourley
110307 cloud security requirements gourley
 
The state of web applications (in)security @ ITDays 2016
The state of web applications (in)security @ ITDays 2016The state of web applications (in)security @ ITDays 2016
The state of web applications (in)security @ ITDays 2016
 
Skeletons in the Closet: Securing Inherited Applications
Skeletons in the Closet: Securing Inherited ApplicationsSkeletons in the Closet: Securing Inherited Applications
Skeletons in the Closet: Securing Inherited Applications
 
Application Security Done Right
Application Security Done RightApplication Security Done Right
Application Security Done Right
 
AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile World
 
System Security on Cloud
System Security on CloudSystem Security on Cloud
System Security on Cloud
 
Cyber security - It starts with the embedded system
Cyber security - It starts with the embedded systemCyber security - It starts with the embedded system
Cyber security - It starts with the embedded system
 
Software Security for Project Managers: What Do You Need To Know?
Software Security for Project Managers: What Do You Need To Know?Software Security for Project Managers: What Do You Need To Know?
Software Security for Project Managers: What Do You Need To Know?
 
Streamlining AppSec Policy Definition.pptx
Streamlining AppSec Policy Definition.pptxStreamlining AppSec Policy Definition.pptx
Streamlining AppSec Policy Definition.pptx
 
Application security in a hurry webinar
Application security in a hurry webinarApplication security in a hurry webinar
Application security in a hurry webinar
 
Programming languages and techniques for today’s embedded andIoT world
Programming languages and techniques for today’s embedded andIoT worldProgramming languages and techniques for today’s embedded andIoT world
Programming languages and techniques for today’s embedded andIoT world
 
Think Future Technologies
Think Future TechnologiesThink Future Technologies
Think Future Technologies
 
Cyber Security in The Cloud
Cyber Security in The CloudCyber Security in The Cloud
Cyber Security in The Cloud
 
Succeeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalSucceeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps final
 
Thread Fix Tour Presentation Final Final
Thread Fix Tour Presentation Final FinalThread Fix Tour Presentation Final Final
Thread Fix Tour Presentation Final Final
 
Hybrid Analysis Mapping: Making Security and Development Tools Play Nice Toge...
Hybrid Analysis Mapping: Making Security and Development Tools Play Nice Toge...Hybrid Analysis Mapping: Making Security and Development Tools Play Nice Toge...
Hybrid Analysis Mapping: Making Security and Development Tools Play Nice Toge...
 
Snyk investor deck late 2015 short
Snyk investor deck late 2015   shortSnyk investor deck late 2015   short
Snyk investor deck late 2015 short
 

Último

Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
AnaAcapella
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
KarakKing
 

Último (20)

HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
Understanding Accommodations and Modifications
Understanding  Accommodations and ModificationsUnderstanding  Accommodations and Modifications
Understanding Accommodations and Modifications
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 

E2 Labs: ADVANCED PROGRAM ON: THE SECURITY OF A WEBSITE

  • 1. BY INTERNATIONAL TRAINERS Chris Russo's Profile Chris Russo has been working as an independent consultant for 5 years, reporting several vulnerabilities in web applications and websites including the Large Hadron Collider, Adobe, Microsoft, Plenty of fish, E-Harmony & Pirate bay before starting to work as Professional Penetration Tester at Rapid7 Argentina during the last year. He also developed tools for automatic and LEARN-BREAKING DOWN progressive analysis of web applications as support during security audits. He currently heads his own company in Buenos Aires, dedicated to provide corporate solutions in risk analysis, penetration testing and security trainings. Fernando Via's Profile THE SECURITY OF A WEBSITE, WEB APPLICATION Fernando is an IR security consultant and developer with more than 5 years of experience in the field. During the last years he has been working on Rapid7 as a professional security consultant. Additionally OR COMPANY FOR REAL ! Fernando has been working in the development of Open Source tools for web application security automation and security improvements of web application frameworks. IN INDUSTRY , ONE QUESTION OFTEN ARISES : HOW DO I KNOW MY SYSTEM IS SECURE ? Why this Course? Security is about reducing the impact of unpredictable attacks to an organization. The response to buggy, insecure software is generally doing nothing or installing a product that is a security countermeasure for the vulnerability (for example, buying a database security solution) instead of fixing the SQL injection vulnerability in the code itself. Through lecture, Hands on Labs, Tools, Certification, Course Material and breakout discussion groups, you will learn about current threat trends across the Internet and their impact on organizational security. You will also review standard cyber security terminology and compliance requirements, examine sample exploits, and gain hands- on experience mitigating controls. 
In a contained lab environment, you will work with XSS Flaws, Sea Surf (XSRF), Session Fixation, Cookie Spoofing along with LFI & RFI Techniques. Hack in the Box –Competition concludes the Program! Who Should Attend? • IT Managers • IT Security Specialists • Government Officials • C.I.O • C.T.O • C.S.O • Banking Officials • Corporate Sectors • Telecom Operators • Law Enforcement Agencies • Vulnerability Assessor • IT Auditors • Advocates & Judges • Computer Forensics Expert • Network Administrators • Software Developer • Web Application Developers • Students • • System Admin • Cyber Cells Individuals and Enthusiasts interested in the course. • Security auditors Cyberspace is The Nervous System of Bulk Discounts Available - 1 week Training Program Infrastructure The Control System of a Nation For (Corporate’s) Rs. 59,000/- (Government & Students) Rs. 49,000/- GOALS For Corporate Bookings, please feel free to contact: This is the cyber security training course IT professionals have been looking for.” Dr. Zaki Qureshey Soniya Office: +91-40 2355 4080 CGG & E2labs are Jointly Conducting highly innovative Hands on Web Application & Web Penetration Security +91-90000 62062 +91-98851 60043 +91-924 656 4080 Course, which is geared to provide an actionable skill set that can be utilized to mitigate enterprise risk from day one. "That's why it is crucial that every IT organization learns How to secure a Web-Site, Web-Application, classification & Visit us : www.cgg.gov.in www.e2-labs.com identification of Vulnerabilities, attack methods and Solutions and by implementing enforceable security policies."
About CGG
The Centre for Good Governance (CGG) was established with a mandate from the Department of Administrative Reform & Public Grievances, Government of India and the Government of Andhra Pradesh. CGG undertakes action research, provides professional advice and conducts change management programs for government departments and agencies, and especially for citizens, to improve the policy, processes and functioning of government for better services to the nation.

About E2Labs
E2labs designs, develops & delivers Information Security Training and Information Assurance Services that meet Military, Government, Private Sector & Institutional Specifications. In doing so, E2labs has become the de-facto standard for Governments and Organizations Worldwide. Established in 2003, E2labs is one of the Top 100 Companies in Asia's leading Information Security and also the 1st Anti-hacking Academy in Asia.

Advice
The course might be extended in order to cover more detailed techniques and/or additional topics if the Trainees' learning speed allows us.

TOPICS

DAY 1: A QUICK OVERVIEW
• Usage of web apps
• Grow
• HTTP and HTTPS
• Methods
• Headers
• Webservices
• Browser languages
• Offensive analysis basics
• The procedure
• Where the issues come from
• Discover
• Technologies and versions
• Information Disclosure
• Unsafe webserver configurations
• Banners
• Directory Indexing
• HTTP authentication
• Low HTTP methods restrictions
• Common developers' errors
• Backup files
• Hidden HTML fields
• What are the possible vulnerabilities and consequences?
• A quick overview of the potential threats
• Google hacking
• References and examples
• Tools for Hackers
• Hands On Session

DAY 1: ISSUES ON DB
• What is SQL and how do databases work?
• Which information is stored in a database
• The CRUD
• Insert data (Create)
• Get existing data (Read)
• Modify existing data (Update)
• Delete data (Delete)
• Offensive
• The power of ' and "
• Numeric and String based attacks
• Using order by
• The chars
• Reading information from the database
• Information disclosure
• Grabbing MSSQL Server hashes
• Inband
• Error based SQLi
• Blind SQLi
• Time based
• OS commanding from SQL
• Reading local files
• Writing local files
• Creating reverse connections
• Evasion Techniques
• Using chars
• Spaces
• MySQL and MSSQL
• Google hacking
• References and examples
• Tools for Hackers
• Hands On Session

DAY 2: LFI TECHNIQUES
• Seeking weakness in
• Include
• Include_once
• Require
• Require_once
• Move_uploaded_files
• fopen
• Offensive:
• Gaining access from LFI
• Running code inside images
• Running code inside Apache logs
• Running code inside sessions
• Running code inside cookies
• Reading config files
• And more…
• Advanced offensive Techniques
• Seeking weakness
• Include
• Include_once
• Require
• Require_once
• Move_uploaded_files
• fopen
• Offensive:
• Running malicious code on Server
• Running malicious code on Browser
• How a web shell works
• Shell uploading
• C99
• Defensive
• Expressions
• Google hacking
• References and examples
• Tools for Hackers
• Hands On Session

DAY 3: XSS FLAWS
• What is XSS and how does it affect the application?
• What is the DOM once again?
• Taking control of the user's browser
• Small differences, big changes:
• XSS
• When XSS finds a SQL.
• DOM based XSS
• Based on:
• XSS based on images
• XSS based on CSS
• XSS based on SVG
• Offensive
• Gaining access from XSS.
• DOM redressing
• XSS and bundle packs for massive ownage.
• Masking
• Advanced offensive Techniques
• Phishing
• XSS Frameworks
• Password Grabbing
• Defensive
• Expressions
• Google hacking
• References and examples
• Tools for Hackers
• Hands On Session

DAY 4: SEA SURF: XSRF FLAWS
• Differences in XSS and XSRF
• When did I send that?
• Offensive:
• Sending POST information somewhere else
• Using iframes
• Using source params
• Advanced offensive Techniques
• XSRF web worms
• Defensive:
• Tokens
• Expressions
• Check referrer
• Crossdomain.xml
• Double password check
• Google hacking
• References and examples
• Tools for Hackers
• Hands On Session

DAY 5: SESSIONS AND COOKIES
• Session Fixation
• Cookie spoofing
• Your user is mine
• Taking cookies and sessions
• Use encoding
• Hands On Session