InfoSec Institute: Information Security Training
Application Security Training: Web Application
Hacking
The latest frontier in information security is undoubtedly application
security. The average-sized organization has hundreds of in-house
and externally developed applications. With business processes increasingly
moving towards web services and the software-as-a-service model
catching on, many organizations today are exposing data
and critical business services to untested or insecure applications.
These applications with inadequate or non-existent security are
a veritable treasure trove for malicious hackers. Most hackers have
realized that enterprise-class organizations have firewalls in place
and have a working patching policy for externally available hosts.
Increasingly, the first route into a critical database containing
customer information, credit card data, proprietary data or classified
information is through a vulnerable application.
InfoSec Institute’s Application Security: Web Application
Hacking will position you as an able and ready Application
Security Professional. You will gain skills on how to assess
applications from a hacker’s point of view, understand application
security vulnerabilities and learn how to close these security holes
so they are never exploited by a hacker.
Application Security: Web Application Hacking is a unique offering
in the security industry. While some security courses may brush
over application security, or cover the security of small-scale
“demo” applications, InfoSec Institute concentrates
on the latest application security attacks against modern enterprise
applications.
This hands-on course teaches you:
- The fundamentals of modern Application Security on both .Net
and Java platforms
- Application security threats and assessment/attack techniques
- The latest threats to Web Services and AJAX-enabled applications
InfoSec Institute has only the highest quality instructors, with
deep background in Application Security. Our instructors
are actively involved in the Application Security community. They
have authored several books on the subject, spoken at various industry
conferences, and are considered subject matter experts.
Application Security: Web Application Hacking is a totally hands-on
course. While a student in this class, you will be engaged in
a thought-provoking lecture on the topic at hand, and then directly
implement the relevant hands-on lab exercise in our Application
Security Lab. Some of the lectures included in the course:
Some of the topics you will learn to master during the Application
Security Training:
- Secure Programming Throughout the Application Development
Lifecycle
- Confronting Flawed Input Data
- Implementation Best Practices
- Source code analysis scanning software
- Code Origin Access Control Methods
- Network Transmission Security with the JSSE API/SSL
- WS Security, XKMS, and WS-I Basic security profile
- SecureXML Libraries
- Privilege Escalation Opportunities
- Race Conditions
- Cross Site Scripting Injection
- .Net Secure Remoting
- Windows Forms Security
- SQL Server: Exploitation and Defense
- Fault Injection and Fuzzing
- Java security managers, policy files, and JAAS
- ASP.NET Security
- XOR, Base64 and Garbage Data Obfuscation
- Securely Maintaining Session State – Best Practices
- Session fixation
- Vulnerabilities in AJAX-enabled applications
- Advanced SQL Injection
- Oracle PL/SQL Injection
- .Net Security tokens, XML signature, XML canonicalization,
and XML encryption
- .Net WS-Trust and WS-SecureConversation
- Error Control Verbosity Abuse
How You Benefit:
- Gain the in-demand career skills of an Application Security
Professional. Learn application security fundamentals, hands on
application assessment techniques and methodologies used by the
top application security professionals.
- In this application security training course, learn how
and when it is appropriate to use tools to automate vulnerability
discovery and when manual investigation is required.
- Develop a custom process for code assessments across many languages
and platforms.
More than interesting theories and lecture, get your hands dirty
in our dedicated hacking lab in this network security training
course.
What's Included:
- 5 Days of Application Security training from a senior instructor
with real-world application assessment and remediation experience.
- Guaranteed small class size (fewer than 10-16 students); you
get an intimate learning setting not offered by any of our competitors.
- InfoSec's Custom Application Security Enterprise Suite, includes
every program covered in the course for at home study.
- All meals, snacks and refreshments included.
- Certified Application Security Specialist (CASS) exam fees.
- Lecture, Lab Exercise and Textbook
Required Prerequisites:
- Firm understanding of the Windows Operating System
- Programming skills in any standard language (Perl, C++/C#,
Java, etc.)
- Exposure to web application development
- Desire to learn about application security and web application
hacking!
- Ethical intentions
If you are unsure if you meet the required prerequisites,
contact us
for a quick skill check.
Current Course List:
Current Pricing (Call 866-471-0059 for
up-to-date deals):
*Available Back-To-Back with Ethical
Hacking, call for information on discount program