MindGrove Training Consultancy

TESTING THE SECURITY OF WEB APPLICATIONS

COURSE OVERVIEW

Nowadays, all but the smallest of organisations have a web site and most have web applications. But these beneficial channels of activity often prove to be an organisation's "Achilles heel". The problem stems from the client-server paradigm: the server cannot control, and therefore cannot trust, what a remote user sends it. This course provides a stimulating "hands-on" introduction to the "ethical" security testing of web-based applications.

COURSE BENEFITS

Skills:

After completion of this course, you will be able to:

  • Describe the types of attack that are possible on web-based client-server systems
  • Know how to fingerprint and cross-check a website for vulnerabilities
  • Deploy simple strategies for determining common web vulnerabilities
  • Explore client- and server-side vulnerabilities by deploying a wide range of ethical hacking and exploratory scenarios
  • Display a practical approach to the cost-effective construction of anti-hacking controls

Support Materials:

This course will be accompanied by a training manual containing briefing materials, examples and practical advice.

WHO SHOULD ATTEND

Those with an interest in web-based application security. Those from the domains of IT Audit and IT Security will find this course of greatest practical benefit. The course uses a combination of briefings and interactive case study work to maximise knowledge transfer. Class size is strictly limited.

COURSE PROGRAMME

Introduction to web-based application security

  • The World Wide Web and client-servers
  • Attacks on client and server vulnerabilities
  • "Man in the middle" attack

Background essentials

  • The HTTP protocol – enough to get you started
  • HTML – enough to get you started
  • Servers and extensions, cookies and scripts – enough to get you started

Practical 1 – first beginnings

  • Probing your website – revealing the underpinning software and services – fingerprinting the server
  • Cross-checking your website – vulnerability mapping of deployed products

Practical 2 – getting to know your website

  • Capturing your website – downloading the code, following the links, mapping the site
  • Brainstorming the code – sieving for trouble
  • Guessing the obvious – directory guessing and roving, prompting errors and error feedback

Practical 3 – targeting the client

  • Overcoming restrictions
  • Bypassing validation
  • Setting up a man-in-the-middle proxy
  • Attacking parameters and scripts
  • Revealing and targeting hidden fields

Practical 4 – changing data

  • Overflow and null string attacks – the obvious weak spots
  • Data exchanged between users – cross-site scripting
  • Database attacks – SQL injection

Practical 5 – targeting the server

  • More complex SQL strategies
  • Denial of service attacks

Bringing it all together

  • Reporting back on findings
  • Ensuring that problems are rectified
  • Keeping your knowledge up to date

PRESENTED BY:
This course is designed, developed and presented by MindGrove Ltd.

To discuss bringing this course in-house, please complete our online Enquiry Form or call us on 01925 732 757.

Copyright 2008 MindGrove Ltd. All rights reserved.

Call us on +44 (0)1925 732 757 to discuss your requirements.