SANS Software Security Institute

Security 519 ::

Web Application Security Workshop

Overview

From a mere 26 Web servers operating in November 1992 to well over 100 million Web sites today, Web technology has come a long way in a short period of time. Today, almost every organization has its own Web site for conducting business transactions or other critical functions, and for many companies the online presence has become a major revenue generator. As everyone jumps on the bandwagon to do business on the Web, many problems arise that are directly related to the security of Web applications. The adage "where there is money, there is crime" proves true on a daily basis as we see credit cards and other financial data compromised through Web application vulnerabilities. And that is not even the full extent of the problem, because Web-based malware and worms are still spreading in the wild.

How do you protect your Web applications? Our Web application security workshop is a 2-day, hands-on, action-packed course covering the common vulnerabilities that are leveraged by attackers, the principles of securing Web applications, and general defense techniques to protect against future attacks. This course will help you understand the mechanics of the components necessary for effective Web application security, which will then enable you to properly defend your organization's assets.

This course is particularly well suited to developers, QA analysts, and infrastructure security professionals who have an interest in exploring the Web application security world. With the information you learn in this class, you will be able to perform basic security testing on Web applications, as well as architect, design and develop more secure Web applications.

Laptop

Students attending this course are required to bring their own properly configured laptops. There is not enough time in class to help you set up your laptop; it must be properly installed and configured before you come to class.

Minimum hardware requirement:

  • 1GHz processor
  • 512MB RAM (1GB highly recommended)
  • 3GB free hard disk space
  • CD ROM drive
  • An unused USB slot

A laptop with Windows 2000 or XP is required, with the latest Service Packs and patches. Install the Microsoft .NET framework runtime on the laptop. We will NOT be developing code on the .NET framework; some of the tools used in class require the framework. Please install VMware Player or VMware Workstation on the laptop. (GSX and ESX will not work.) VMware Player can be downloaded for free at www.vmware.com.

At the beginning of class, you will be given a Linux bootable CD. This CD will be booted within VMware as a virtual image. You must have the ability to disable the host firewall (Windows firewall or other third-party firewall) and anti-virus running on your desktop. This usually means you need to have administrative privileges on the machine. The Windows host and Linux host need to talk to each other through the VMware network interface. A firewall could disallow such communication and render some of the exercises unsuccessful.