HACKING TRAINING

HACKING EXTREME WEB APPLICATIONS – SPECIAL EDITION

Web-based applications are becoming a favorite point of attack, not only because more and more companies are providing Web services, online shops, banking applications, employee portals and other interactive applications with Web frontends, but also because new methods are available for attacking and manipulating these systems.

"Extreme Hacking: Web Applications" is concerned with attacks on Web applications and the databases located behind them.

This intensive course teaches the methods attackers use, covering both well-known and lesser-known techniques for attacking web applications and the databases and backends located behind them. The approach is very practical: numerous laboratory exercises are used to explain the theory and practice behind buzzwords such as "SQL injection", "hidden manipulation", "cross-site scripting" and many others.

Each course participant has the use of an individual notebook containing an extensive assortment of tools, making it possible to gain personal, practical experience with the attacker's point of view. The trainers carry out security audits on a regular basis, and are known as experts in the field of application security.

Examples of the subject areas covered:
• (Advanced) Cross Site Scripting
• Session Fixation
• (Advanced) SQL Injection
• Web Spoofing
• Load Balancer Spotting and Fingerprinting
• Proxy Spotting and Fingerprinting
• Webserver Fingerprinting
• Crawler
• Vulnerabilities in the Application Logic
• Command Injection
• Vulnerabilities During Data Upload
• Directory Traversal
• SSL Man in the Middle and SSL Vulnerabilities
• Systematic Password Guessing
• Systematic Guessing/Predicting of Session IDs
• Phishing
• Classic Software Vulnerabilities within the Application (Buffer Overflows, etc.)
• Classic Software Vulnerabilities in Web Server Services (Buffer Overflows, etc.)
• Directory Listings

Systems covered:
Unix or Windows-based Web servers, databases, application servers, etc.

Target group:
Administrators and security officers who are not afraid to see security through the eyes of the attacker, and thus to delve very deeply into the attacker's world. It is also of interest to developers and administrators of Web servers and e-business systems.

Prerequisite:
Basic knowledge of web servers, HTTP and HTML.
Prior participation in the course "Extreme Hacking" is helpful.

Further information: www.cirosec.de

Max. number of attendees: 15 people

Price: 2.000,– €

Date: February 1st – 2nd 2010 – the two days before IT-Defense 2010

Location:

Hotel LING BAO

Berggeiststr. 31-41

50321 Brühl