CYBER SECURITY Training Brochure FNL PDF
LEARN BREAKING DOWN THE SECURITY OF A WEBSITE, WEB APPLICATION OR COMPANY FOR REAL!
9-13 JULY 2012, HOTEL THE LALIT-NEW DELHI
IN INDUSTRY, ONE QUESTION OFTEN ARISES: HOW DO I KNOW MY SYSTEM IS SECURE?
ASSOCHAM is conducting a highly innovative hands-on Web Application & Web Penetration Security Course, geared to
provide an actionable skill set that can be used to mitigate enterprise risk from day one. "That's why it is crucial that
every IT organization learns how to secure a website and web application, how to classify and identify vulnerabilities,
attack methods and their solutions, and how to implement enforceable security policies."
About ASSOCHAM
ASSOCHAM, acknowledged as the Knowledge Chamber of India, has emerged as a forceful, pro-active, effective and
forward-looking institution, playing its role as a catalyst between Government and Industry. Established in 1920,
ASSOCHAM has been successful in influencing the Government in shaping India's economic, trade, fiscal and social
policies for the benefit of trade and industry.
ASSOCHAM renders its services to over 4,00,000 members, which include multinational companies, India's top
corporates, medium and small scale units, and associations representing the interests of more than 400 Chambers
and Trade Associations from all over India, encompassing all sectors.
ASSOCHAM has over 100 National Committees covering the entire gamut of economic activity in India.
Advice
The course may be extended to cover more detailed techniques and/or additional topics if the trainees' learning
speed allows.
TOPICS

DAY 1: A QUICK OVERVIEW
• Usage of web apps
• Grow
• HTTP and HTTPS
  • Methods
  • Headers
• Webservices
• Browser languages
• MySQL and MSSQL
• Offensive analysis basics
  • The procedure
  • Where the issues come from
  • Discover
• What are the possible vulnerabilities and consequences?
• A quick overview of the potential threats

DAY 1: ISSUES ON DB
• What is SQL and how do databases work?
• Which information is stored in a database
• Technologies and versions
• The CRUD
  • Insert data (Create)
  • Get existing data (Read)
  • Modify existing data (Update)
  • Delete data (Delete)
• Offensive
  • The power of ' and "
  • The procedure
  • Numeric and String based attacks
  • Using order by
  • Masking
  • The chars
  • Reading information from the database
  • Password Grabbing
  • Grabbing MSSQL Server hashes
  • Inband
  • Error based SQLi
  • Blind SQLi
  • Time based
  • OS commanding from SQL
  • Reading local files
  • Writing local files
  • Creating reverse connections
  • Evasion Techniques
    • Using chars
    • Spaces
• Google hacking
• References and examples
• Tools for Hackers
• Hands On Session

DAY 2: LFI TECHNIQUES
• Seeking weakness in
  • Include
  • Include_once
  • Require
  • Require_once
  • Move_uploaded_files
  • fopen
• Offensive:
  • Information Disclosure
  • Gaining access from LFI
  • Running code inside images
  • Running code inside Apache logs
  • Running code inside sessions
  • Running code inside cookies
  • Reading config files
  • And more…
• Google hacking
• References and examples
• Tools for Hackers
• Hands On Session

• Seeking weakness
  • Include
  • Include_once
  • Require
  • Require_once
  • Move_uploaded_files
  • fopen
• Offensive:
  • Running malicious code on Server
  • Running malicious code on Browser
  • How a web shell works
  • Shell uploading
  • C99
• Defensive
  • Expressions
• Google hacking
• References and examples
• Tools for Hackers
• Hands On Session

DAY 3: XSS FLAWS
• What is XSS and how does it affect the application?
• What is the DOM once again?
• Taking control of the user's browser
• Small differences, big changes:
  • XSS
  • When XSS finds a SQL.
  • DOM based XSS
• Based on:
  • XSS based on images
  • XSS based on CSS
  • XSS based on SVG
• Offensive
  • Your user is mine
  • Taking cookies and sessions
  • Use encoding
  • Gaining access from XSS.
  • DOM redressing
  • XSS and bundle packs for massive ownage.
  • Advanced offensive Techniques
  • Phishing
  • XSS Frameworks
• Defensive
  • Expressions
• Google hacking
• References and examples
• Tools for Hackers
• Hands On Session

DAY 4: SEA SURF: XSRF FLAWS
• Differences in XSS and XSRF
• When did I send that?
• Offensive:
  • Sending POST information somewhere else
  • Using iframes
  • Using source params
  • Advanced offensive Techniques
  • XSRF web worms
• Defensive:
  • Tokens
  • Expressions
  • Check referrer
  • Crossdomain.xml
  • Double password check
• Google hacking
• References and examples
• Tools for Hackers
• Hands On Session

DAY 5: SESSIONS AND COOKIES
• Session Fixation
• Cookie spoofing
• Unsafe webserver configurations
  • Banners
  • Directory Indexing
  • HTTP authentication
  • Low HTTP methods restrictions
• Common developers' errors
  • Backup files
  • Hidden HTML fields
  • Information disclosure
• Hands On Session
Training Partner
E2labs designs, develops & delivers Information Security Training and Information Assurance Services that meet
Military, Government, Private Sector & Institutional specifications. In doing so, E2labs has become the de facto
standard for Governments and Organizations worldwide. Established in 2003, E2labs is one of the Top 100 Information
Security companies in Asia and also the first Anti-hacking Academy in Asia.
BY INTERNATIONAL TRAINERS
Chris Russo's Profile
Chris Russo has been working as an independent consultant for 5 years, reporting several vulnerabilities in web
applications and websites including those of the Large Hadron Collider, Adobe, Microsoft, Plenty of Fish, eHarmony
and The Pirate Bay, before working as a Professional Penetration Tester at Rapid7 Argentina during the last year. He
has also developed tools for automatic and progressive analysis of web applications to support security audits. He
currently heads his own company in Buenos Aires, dedicated to providing corporate solutions in risk analysis,
penetration testing and security training.
New Delhi. Tel. No.: +91 11 46550555, Fax No.: +91 11 46536481
Visit us: www.assocham.com, www.e2-labs.com