CYBER SECURITY Training Brochure FNL PDF


Supported by:
Department of Electronics and IT
Ministry of Communications and IT
Government of India

LEARN: BREAKING DOWN THE SECURITY OF A WEBSITE, WEB APPLICATION OR COMPANY FOR REAL!
9-13 JULY 2012, HOTEL THE LALIT, NEW DELHI
IN INDUSTRY, ONE QUESTION OFTEN ARISES: HOW DO I KNOW MY SYSTEM IS SECURE?

Cyberspace is the Nervous System of Infrastructure
The Control System of a Nation
This is the cyber security training course professionals have been looking for.
GOALS

ASSOCHAM is conducting a highly innovative, hands-on Web Application & Web Penetration Security Course, geared to provide an actionable skill set that can be used to mitigate enterprise risk from day one. "That's why it is crucial that every IT organization learns how to secure a website and web application, the classification and identification of vulnerabilities, attack methods and solutions, and how to implement enforceable security policies."
About ASSOCHAM
ASSOCHAM, acknowledged as the Knowledge Chamber of India, has emerged as a forceful, pro-active, effective and forward-looking institution, playing its role as a catalyst between Government and Industry. Established in 1920, ASSOCHAM has been successful in influencing the Government in shaping India's economic, trade, fiscal and social policies to the benefit of trade and industry.
ASSOCHAM renders its services to over 4,00,000 members, which include multinational companies, India's top corporates, medium and small scale units, and associations representing the interests of more than 400 Chambers and Trade Associations from all over India, encompassing all sectors.
ASSOCHAM has over 100 National Committees covering the entire gamut of economic activities in India.
Advice
The course might be extended to cover more detailed techniques and/or additional topics if the trainees' learning speed allows it.
TOPICS

DAY 1: A QUICK OVERVIEW
• Usage of web apps
• Grow
• HTTP and HTTPS
  • Methods
  • Headers
• Webservices
• Browser languages
• MySQL and MSSQL
• Offensive analysis basics
  • The procedure
  • Where the issues come from
  • Discover
• What are the possible vulnerabilities and consequences?
• A quick overview of the potential threats

DAY 1: ISSUES ON DB
• What is SQL and how do databases work?
• Which information is stored in a database
• Technologies and versions
• The CRUD
  • Insert data (Create)
  • Get existing data (Read)
  • Modify existing data (Update)
  • Delete data (Delete)
• Offensive
  • The power of ' and "
  • The procedure
  • Numeric and String based attacks
  • Using order by
  • Masking
  • The chars
  • Reading information from the database
  • Password Grabbing
  • Grabbing MSSQL Server hashes
  • Inband
  • Error based SQLi
  • Blind SQLi
  • Time based
  • OS commanding from SQL
  • Reading local files
  • Writing local files
  • Creating reverse connections
  • Evasion Techniques
    • Using chars
    • Spaces
• Google hacking
• References and examples
• Tools for Hackers
• Hands On Session

DAY 2: LFI TECHNIQUES
• Seeking weakness in:
  • Include
  • Include_once
  • Require
  • Require_once
  • Move_uploaded_files
  • fopen
• Offensive:
  • Information Disclosure
  • Gaining access from LFI
  • Running code inside images
  • Running code inside Apache logs
  • Running code inside sessions
  • Running code inside cookies
  • Reading config files
  • And more…
• Google hacking
• References and examples
• Tools for Hackers
• Hands On Session

DAY 2 (continued)
• Seeking weakness in:
  • Include
  • Include_once
  • Require
  • Require_once
  • Move_uploaded_files
  • fopen
• Offensive:
  • Running malicious code on Server
  • Running malicious code on Browser
  • How a web shell works
  • Shell uploading
  • C99
• Defensive
  • Expressions
• Google hacking
• References and examples
• Tools for Hackers
• Hands On Session

DAY 3: XSS FLAWS
• What is XSS and how does it affect the application?
• What is the DOM once again?
• Taking control of the user's browser
• Small differences, big changes:
  • XSS
  • When XSS finds a SQL
  • DOM based XSS
• Based on:
  • XSS based on images
  • XSS based on CSS
  • XSS based on SVG
• Offensive
  • Taking cookies and sessions
  • Use encoding
  • Gaining access from XSS
  • DOM redressing
  • XSS and bundle packs for massive ownage
  • Advanced offensive Techniques
    • Phishing
    • XSS Frameworks
• Defensive
  • Expressions

DAY 4: SEA SURF: XSRF FLAWS
• Differences in XSS and XSRF
• When did I send that?
• Offensive:
  • Sending POST information somewhere else
  • Using iframes
  • Using source params
  • Advanced offensive Techniques
    • XSRF web worms
• Defensive:
  • Tokens
  • Expressions
  • Check referrer
  • Crossdomain.xml
  • Double password check
• Google hacking
• References and examples
• Tools for Hackers
• Hands On Session

DAY 5: SESSIONS AND COOKIES
• Session Fixation
• Cookie spoofing
• Your user is mine
• Unsafe webserver configurations
  • Banners
  • Directory Indexing
  • HTTP authentication
  • Low HTTP methods restrictions
• Common developers errors
  • Backup files
  • Hidden HTML fields
  • Information disclosure
• Hands On Session

Training Partner
E2labs designs, develops and delivers information security training and information assurance services that meet military, government, private sector and institutional specifications. In doing so, E2labs has become the de facto standard for governments and organizations worldwide. Established in 2003, E2labs is one of the top 100 leading information security companies in Asia and also the first anti-hacking academy in Asia.
BY INTERNATIONAL TRAINERS
Chris Russo's Profile
Chris Russo has been working as an independent consultant for 5 years, reporting several vulnerabilities in web applications and websites, including those of the Large Hadron Collider, Adobe, Microsoft, Plenty of Fish, eHarmony and The Pirate Bay, before starting work as a professional penetration tester at Rapid7 Argentina during the last year. He also developed tools for the automatic and progressive analysis of web applications to support security audits. He currently heads his own company in Buenos Aires, dedicated to providing corporate solutions in risk analysis, penetration testing and security training.

Fernando Via's Profile
Fernando is an IR security consultant and developer with more than 5 years of experience in the field. During the last years he has been working at Rapid7 as a professional security consultant. Additionally, Fernando has been working on the development of open source tools for web application security automation and on security improvements to web application frameworks.

Why this Course?

Security is about reducing the impact of unpredictable attacks on an organization.
The usual response to buggy, insecure software is to do nothing, or to install a product that acts as a security countermeasure for the vulnerability (for example, buying a database security solution) instead of fixing the SQL injection vulnerability in the code itself.
Through lectures, hands-on labs, tools, certification, course material and breakout discussion groups, you will learn about current threat trends across the Internet and their impact on organizational security. You will also review standard cyber security terminology and compliance requirements, examine sample exploits, and gain hands-on experience with mitigating controls. In a contained lab environment, you will work with XSS flaws, Sea Surf (XSRF), session fixation and cookie spoofing, along with LFI & RFI techniques.

Hack in the Box Competition concludes the Program!

Who Should Attend?

• IT Managers
• CIOs & Chief Security Officers
• Banking Professionals
• Consultants
• Legal Experts
• IT Security Specialists
• Technical Students
• Network Administrators
• Intelligence Agencies
• Security Officers
• Government Officials
• State Police Department
• Telecom Operators
• Defence & Paramilitary Officers
• Network Service Providers

For Corporate Bookings, please feel free to contact:

RS. 45,000/- PER DELEGATE (BULK DISCOUNTS AVAILABLE) | ONE WEEK TRAINING PROGRAM

Ajay Sharma, Sr. Director, ASSOCHAM
Mobile: +91-9899188488
Email: ajay.sharma@assocham.com

Ajeet Srivastava, Executive, ASSOCHAM
Mobile: +91-9350423203
Email: ajeet.srivastava@assocham.com

Dr. Zaki Qureshey, Founder & CEO
Mobile: +91-90000 62062
Email: zaki@e2-labs.com

New Delhi. Tel. No.: +91 11 46550555 Fax No.: +91 11 46536481
Visit us: www.assocham.com | www.e2-labs.com
