Application Hacking
Course Description:
Our applications are under attack on a daily basis, facing sophisticated attacks targeted at "security bugs" in the code we develop. Exposed in the hostile internet or intranet network, our software must withstand malicious user's attempts trying breaking into it, steal its data, disable its services, or perform any other unauthorized operation. Now if you don’t fully understand the risks, or even worse, not aware of - how can you know how to protect against them? The information provided by this course is a MUST for every developer, who should understand the security attacks that his or her code needs to withstand. It's a jungle out there, and as so, only the strong survives – by taking the proper actions to protect our own applications against such threats, learning from the common mistakes.Trainer:
Erez Metula is a world renowned application security expert, spending most of his time finding software vulnerabilities and teaching developers how they should avoid them. Erez has an extensive hands-on experience performing security assessments, code reviews and secure development trainings for worldwide organizations, and had previously talked at international security conferences such as BlackHat, Defcon, OWASP, RSA, SOURCE, CanSecWest and more. His latest research on Managed Code Rootkits, presented at major conferences throughout the world, was published recentely as a book by Syngress publishing. He is the founder of AppSec, where he works as an independent consultant focusing on advanced application security topics.
Module 1 - Understanding the common attack vectors
- Defacement
- Fraud
- Identity theft
- Privilege escalation
- Phishing
- Sensitive information disclosure & data theft
- Brute force
- Replay attacks
Module 2- Application security vulnerabilities
- Authentication breach
- Performing unauthorized operations
- Exposed functionality and web services
- Denial of Service (DoS)
- Malicious file uploads
- Parameter tampering
- Abusing the business logic
- SQL Injection
- XSS (Cross Site Scripting)
- CSRF (Cross Site Request Forgery)
- XPATH Injection
- OS Command Injection
- Code Injection
- Log Injection
- AJAX based attacks
- Information disclosure via error messages and exceptions
- Buffer overflows in unmanaged code
- Session based attacks
- Weak cryptography
תשארו בקשר
2008 © E4D Solutions LTD כל הזכויות שמורות ל
יתכנו שינויים במועדי הסדנאות או התכנים*