SANS Software Security Institute
Security 538 :: Web Application Pentesting Hands-On Immersion

Overview

In the first half of 2008, 5 million websites were compromised by automated SQL injection attacks. The attackers' goal was to inject links to malicious content in order to infect the users of the web application. These automated attacks show no sign of stopping and will likely visit your web applications in the near future. Don't want to become part of the statistics? Runtime testing is essential to making your web site secure. Security 538 is a two-day course focusing on up-to-date, hands-on testing aspects of web application security.

This fast-paced course is ideal for students who have a basic understanding of web application security vulnerabilities and testing methodologies and are looking to upgrade and refresh their skills in pentesting web applications, and for infrastructure pentesters who are expanding their testing scope to web applications. If you are going to be testing web applications in the next few months, this course helps you brush up your knowledge of web application security testing and gives you the confidence of knowing that you have hands-on experience testing for the common vulnerabilities.

This action-packed two-day course has a strong focus on hands-on exercises with real-world vulnerabilities. All the exercises are designed to give you practice and experience with real-world vulnerabilities. Throughout the two days, you will apply the various testing concepts against vulnerable web applications. The target applications are as realistic as possible, and the labs are structured so that both novice and intermediate students can enjoy the learning experience.

A sampling of the testing exercises we cover:
  • Web Fingerprinting
  • Input manipulation
  • SQL Injection
  • Blind SQL Injection
  • Non-obvious Session Issues
  • Brute Forcing credentials
  • Cross Site Scripting
  • Code Review

Laptop Required

Students attending this course are required to bring their own, properly configured laptops. There is not enough time in class to help you set up your laptop; it must be properly installed and configured before you come to class.

Minimum hardware requirements:

  • 1GHz processor
  • 512MB RAM (1GB highly recommended)
  • 3GB free hard disk space
  • CD-ROM drive
  • An unused USB slot

A laptop with Windows 2000, XP, or Vista is required with the latest Service Packs and patches. Install the following software on the computer:

  • Java Runtime Environment (JRE) - please download from http://www.sun.com
  • Firefox browser (latest version)
  • Microsoft .NET framework runtime (some of the testing tools require it)

Please install VMware Player or VMware Workstation on the laptop (GSX and ESX will not work). VMware Player can be downloaded for free at http://www.vmware.com.

At the beginning of class, you will be given a Linux bootable CD. This CD will be booted within VMware as a virtual machine. You must have the ability to disable the host firewall (Windows Firewall or any third-party firewall) and the anti-virus software running on your laptop, which usually means you need administrative privileges on the machine. The Windows host and the Linux guest need to talk to each other through the VMware network interface; a firewall could block that communication and cause some of the exercises to fail.