Certified Secure Web Application Engineer
BENEFITS OF CSWAE COURSE
Course Name: Certified Secure
Web Application Engineer
Duration: 4 days
Language: English
Format:
Instructor-led
Live Virtual Training
Prerequisites:
 A minimum of 12 months
experience in networking
technologies
 Sound knowledge of
TCP/IP
 Knowledge of Microsoft
packages
 Network+, Microsoft,
Security+
 Basic Knowledge of Linux
is essential
Student Materials:
 Student Workbook
 Student Reference
Manual
Certification Exam:
CSWAE- Certified Secure Web
Application Engineer
Certification Track:
CSWAE- Certified Secure Web App
Engineer
CPTE - Certified Pen Testing
Engineer™
CPTC - Certified Pen Testing
Consultant™
CDFE - Certified Digital Forensics
Examiner™
Graduates of the mile2 Certified Secure
Web Application Engineer training obtain
real world security knowledge that enables
them to recognize vulnerabilities, exploit
system weaknesses and help safeguard
against threats.
COURSE OVERVIEW
Web applications are increasingly more
sophisticated and as such, they are
critical to almost all major online
businesses. As more applications are
web enabled, the number of web
application security issues will increase,
traditional local system vulnerabilities,
such as directory traversals, overflows
and race conditions, are opened up to
new vectors of attack.
The responsibility for the security of
sensitive systems will rest increasingly
with the web developer, rather than the
vendor or system administrator. As with
most security issues involving
client/server communications, Web
application vulnerabilities generally
stem from improper handling of client
requests and/or a lack of input
validation checking on the part of the
developer.
The mile2 Certified Secure Web
Application Engineer training teaches
students to detect various security
issues with web applications and
identify vulnerabilities and risks.
Also available as:
LIVE VIRTUAL TRAINING
Attend live class from
anywhere in the world!
 Live Presentations with Powerful
functionality that delivers easy
viewing of slides and other
documents, shared Internet
access, virtual whiteboard, and
a media center all through an
easy-to-use toolbar.
 Application, file, and desktop
sharing enable you to view live
demonstrations.
 Dedicated high spec remote PC
per student with full access as if
you are sitting in-front of the PC
in the classroom.
 Instructor views each students
session when you perform your
hands on labs, the instructor can
access your remote system to
demonstrate and assist while
you sit back to absorb the
classroom style mentoring you
expect.
 Public and private text chat
allows for increased interactivity
between students and instructor
 2

UPON COMPLETION
Upon completion of the CSWAE students will be able to confidently undertake the CSWAE certification
examination (recommended). Students will enjoy an in-depth course that is continuously updated to
maintain and incorporate the ever changing web application and secure code technologies. This course
offers up-to-date proprietary laboratories that have been researched and developed by leading security
professionals from around the world.
COURSE DETAILS

Module 0: Web Application Intro
Module 1: Software Security Explained
Module 2: Software Security Vulnerabilities
Module 3: Setting the Stage (The Attack)
Module 4: OWASP Top 10
Module 5: Threat Modeling
Module 6: IBM Appscan
Module 7: Vulnerabilities that Appscan Finds
Module 8: Burp Suite
Module 9: Secure Software Development Life
Cycle
Module 10: Writing Secure Code
Module 11: Web Application Penetration Testing
Module 12: Web 2.0
Module 13: Other Key Items
Module 14: PCI Compliance
Module 15: Secure Code – Attacks
Module 16: Securing Applications
Module 17: Risk Management
Module 18: Security Architecture Design
Module 19: Mobile Application Security

OBJECTIVE OF LABORATORY SCENARIOS

This is an intensive hands-on class; you will spend 60% of student class time performing labs focusing on
both the OWASP model as well as the technicalities that detail PCI compliance in respects to secure
coding.
.

DETAILED MODULE DESCRIPTION
Module 0 – Web App Class Intro
Introduction
Course Overview
Course Objectives
How will we achieve it:
Module 1 – Software Security Explained
Overview
Why Care About Security?
Threats
Definition of Software Security
Understanding Software Security
Software Development Life Cycle
Testing
Risk Assessments
Secure Coding Fundamentals
Software Security
What is software security?
Why is software security so tough?
So what is the problem?
What can we do about it?
Foundation of Security
Challenges With Security
The Rise of Insecure Software
Connectivity
Extensibility
Complexity
Software Security Methodology
Process Overview
What we can do about it?
Roles and Responsibilities
Developer’s Role
Common Vulnerabilities
Buffer Overflow
Common Vulnerabilities
Session Hijacking
Broken Access Control
Broken Account and Session Management
Common Vulnerabilities
Cross Site Scripting
XSS Example
Cross Site Scripting Attacks
XSS Example
Cross Site Request Forgery
Information Leakage
Injection Flaws
3
Learning Aids
Labs
Class Prerequisites
SQL Injection and Injection Flaws
Bobby Tables
SQL Injection Example in .NET
E-Commerce Web Site
E-Commerce Login
Demonstration
SQL Injection
SQL Injection Buggy Code
SQL Injection Countermeasures
Command Injection
Information Integrity
Insufficient Anti-Automation
XML Poisoning
Malicious Code Execution
Malicious Code Execution Example
RSS Atom Injection
WSDL Scanning and Enumeration
Client side validation in AJAX routines
Web Service Routing Issues
Parameter Manipulation With SOAP
XPATH Injection SOAP message
RIA Client Binary Manipulation
Web 2.0 Information Leakage
Application Denial of Service
Application Denial of Service Remediation
Application-Layer DoS
Real-World Test
Hacktics Results
Improper Error Handling
Session Management
Directory Traversal
Insecure Software is Everywhere
OWASP
Security Focus
SecurityFocus (Demo)
ISS (Demo)
Review

Module 2 – Software Security Vulnerabilities
Introduction
Application Test Script Detected
Blind SQL injection
Cacheable SSL page
Cacheable SSL Page Remediation
Cross Site Request Forgery
Cross Site Request Forgery Attacks
Database Error Pattern Found
Database Error Message Found
Direct Access to Administrative Pages
E-mail Address Pattern Found
HTML Comments Contain Sensitive
Information
Internal IP Address Disclosure
Link Injection to Facilitate Cross Site
Request Forgery
Missing Secure Attribute in Encrypted
Sessions
Possible Server Path Disclosure
Query Parameter found in SSL Request
Unencrypted Login Request
Cross Site Scripting
XSS Example
Phishing
Module 3 – Setting the Stage (The Attack)
Learning Attack Methods
Developer’s Point of View
Progression of The Professional Hacker
Methods of Obtaining Information
Physical Access
Social Access
Social Engineering Techniques
Digital Access
Passive vs. Active Reconnaissance
Footprinting Defined
Footprinting Tool: KartOO Website
Footprinting tools
Google and Query Operators
SPUD: Google API Utility Tool
asOnline Social Websites
Identity Theft and MySpace
Instant Messengers and Chats
Blogs, Forums & Newsgroups
Internet Archive: The WayBack Machine
Domain Name Registration
WHOIS
WHOIS Output
DNS Databases
Using Nslookup
Dig for Unix / Linux
4
Phishing Web 2.0 Example
Injection Flaws
Cross Site Scripting
Cross Site Scripting Attacks
XSS Example
SQL Injection and Injection Flaws
Bobby Tables
SQL Injection Example in .NET
E-Commerce Web Site
E-Commerce Login
SQL Injection
SQL Demonstration
SQL Injection Buggy Code
SQL Injection Countermeasures
Web-Based Email
Directory Traversal
The Principles of Secure Development
Principle #1 – Input Validation
Possible Places to do Validation
Principle #3 - Improper Error Handling
Principle #4 – Authentication and
Authorization
Principle #5 – Session Hijacking
Principle #6 – Secure Communications
People Search Engines
Client Email Reputation
Web Server Info Tool: Netcraft
Countermeasure: Domainsbyproxy.com
Footprinting Countermeasures
Introduction to Port Scanning
Popular Port Scanning Tools
Port Scan Tips
Most Popular: BackTrack
Expected Results
Method: Ping
Stealth Online Ping
NMAP: Preferred Scanning Tool
Which services use which ports?
OS Fingerprinting
Countermeasures: Scanning
Enumeration Overview
Web Server Banners
Practice: Banner Grabbing with Telnet
SuperScan 4 Tool: Banner Grabbing
SMTP Server Banner
DNS Enumeration
Web Application Penetration Methodologies
HTTrack Tool
Instructor Demonstration

The Anatomy of a Web Application Attack
Web Attack Techniques
URL mappings to the web application
system
Cracking Techniques
Password Guessing
Module 4 – OWASP Top 10
Cross Site Scripting
Injection Flaws
SQL Injection
Why SQL “Injection”?
SQL Connection Properties
SQL Injection: Enumeration
SQL Extended Stored Procedures
Shutting Down SQL Server
Business Impacts of SQL Injection
Finding and Fixing SQL Injection
Unvalidated Input
Business Impacts of Unvalidated Input
Finding and Fixing Unvalidated Input
Buffer Overflows
Business Impacts of Buffer Overflows
Finding and Fixing Buffer Overflows
Improper Error Handling
Business Impacts of Improper Error
Handling
Finding and Fixing Improper Error Handling
Module 5 – Threat Modeling
Overview
Threat Modeling Overview
The Process
Identify Security Objectives
Application Review
Application Diagram
Application Decomposition
Identify Threats
Harmonized Threat and Risk Assessment
Methodology
Framework for the Harmonized TRA
Methodology
Module 6 – IBM AppScan
IBM Appscan
Tell Appscan what you want to do
Let’s Start a New Scan
5
Tsgrinder
Brute Force Tools
Precomputation Detail
Cain and Abel’s Cracking Methods
LAB 1 – Getting Set Up
LAB 2 – Information Gathering
LAB 3 – Scanning
LAB 4 – Enumeration
Broken Authentication and Session Mgmt
Business Impacts of Broken Authentication
Finding and Fixing Broken Authentication
Broken Access Control
Where Does Access Control Typically
Occur?
Business Impacts of Broken Access Control
Finding and Fixing Broken Access Control
Insecure Storage
Business Impacts of Insecure Storage
Finding and Fixing Insecure Storage
Application Denial of Service
Business Impacts of Application DOS
Finding and Fixing Application DOS
Insecure Configuration Management
Business Impacts of Insecure Configuration
Finding and Fixing Insecure Configuration
Where to Learn More
LAB 5 – Database Hacking
LAB 6 – Hacking Web Applications
Threat Methodologies (STRIDE)
Spoofing Identity
Tampering With Data
Repudiation
Information Disclosure
Denial of Service
Elevation of Privilege
Rank the Threats (DREAD)
How to Respond to Threats
Mitigating Threats
Review
Chose Web Application Scan
Type in the Demo Web site URL
Type in Automatic
 6

Start Full Automatic Scan Let’s Do Some Reconnaissance on the

Let’s Autosave Demo Site
Save assessment What do you notice about the site?
First Appscan Crawls the Application

Module 7 – Vulnerabilities that AppScan Finds

Introduction Microsoft ASP Debugging Enabled
HTTP Response Splitting Sensitive Files Found
Application Input Restrictions Bypass Unencrypted View STATE PARAMETER
Hidden Directory Detected

Module 8 – Burp Suite

What is Burp Suite? Target site map
Burp Suite Tools Target Scope
Burp search Discover Content
Saving and restoring state Message Editor
Restoring state Properties
Remembering settings Extensibility
Lean mode

Module 9 – Secure SDLC

Overview Project Initiation/Concept
Secure Software Development Lifecycle Requirements Gathering
A Secure Process Architecture and Design
Manager’s Point of View Things to Consider
Developer’s Point of View Development
Why Change? Unit Test
Consumer Expectations Implementation and Deployment
Business Responsibility Maintenance
Response? Review
Phases of The Development Lifecycle

Module 10 – Writing Secure Code

Overview
Data Validation
Defending the Attack
Error and Exception Handling
Logging and Auditing
Authentication
Web Authentication Methods
Basic and Digest Authentication
Form Based Authentication
Certificate Based Authentication
Strong Authentication
Authorization
Review

Module 11 – Web Application Penetration Testing
Overview
Security Code Reviews
Web Application Penetration testing
Overview
Quick Poll
Benefits of a Penetration Test
Article and Example of WAPT
Current Problems in WAPT
Changes In Software Development
Reality check
Changes Required From Security Testers
Types of Penetration Testing
Penetration Testing Methodologies
FireFox – The ScriptKiddie’s Dream
Assessment Tool: Stealth HTTP Scanner
Instructor Demonstration
Acunetix Web Scanner
Wikto Web Assessment Tool
Instructor Demonstration
Tool: Paros Proxy
Instructor Demonstration
Tool: Burp Proxy
Fuzzers
OWASP Top Ten Web Vulnerabilities
Nessus
Nessus Report
Module 12 – Web 2.0
Introduction
What is Web 2.0 and who uses it?
Classic Web Vs Ajax
Synchronous vs. Asynchronous
WEB 2.0 Target Application Layout
Web 2.0 Security Vulnerabilities
Web 2.0 Usability
Web 2.0 and No SSL
Web 2.0 and Remember Me
Web 2.0 and Social
Overpowered APIs and Duplicated Code
Outsourcing
Web 2.0 and Cutting Edge Technology
Web 2.0 and Trust
Web 2.0 Security Vulnerabilities
Systems Susceptible to Attacks
Insufficient Authentication Controls
Cross Site Scripting
XSS Example
7
SAINT – Sample Report
Hacking Tool: Metasploit
Direct Attacks Against a Database
Attacking Database Servers
Obtaining Sensitive Information
Hacking Tool: SQL Ping2
Hacking Tool: osql.exe
Hacking Tool: Query Analyzers
Hacking Tool: SQLExec
Oracle Security Expert
Hardening Databases
Analyzing Risk
Report Results Matrix
Findings Matrix
Principles
Process
Rank the Threats (DREAD)
DREAD
Risk Assessment
Testing Methodologies
Integrating Testing in the Dev Lifecycle
Implementing Defense In-depth
On the Horizon
Website Review
Review
Cross Site Request Forgery
Cross Site Request Forgery Attacks
Phishing
Phishing Web 2.0 Example
Information Leakage
Web 2.0 Information Leakage
Injection Flaws
Information Integrity
Insufficient Anti-Automation
XML Poisoning
Malicious Code Execution
RSS Atom Injection
WSDL Scanning and Enumeration
Client side validation in AJAX routines
Web Service Routing Issues
Parameter Manipulation With SOAP
XPATH Injection SOAP message
RIA Client Binary Manipulation
LAB 7 – HP Test Fire
 8

Module 13 – Other Key Items

Overview The Software Market
Other items - Integrated Systems The Market is Changing!
Security is Challenging Present and Future
ISO 21827 SSE-CMM Software Security Is A Different World
Leverage industry standards Root Causes of Application Insecurity
The CMMI Approach Targeting the Root Causes
Integrated Systems What to recommend
What is DMZ? Key Enhancements
Classic Security Model Advanced Enhancements
DNS Application Security Capacity Scorecard
Middleware Defined Compliance & Security Integrated
Integrated Systems Fundamental Requirements
Requirements Integration Through Risk Management
International Standards --SSE-CMM Application Security
What to require Security Management & Compliance
How do you select the correct security
product?

Module 14 – PCI Compliance

Overview Requirement 6.3
Payment Card Industry Requirement 6.4
PCI DSS Overview Requirement 6.5
PCI Overview Requirement 6.6
PCI-Requirement 6 Security Audit Procedures
Requirement 6.1 Compensating Controls
Requirement 6.2 Summary

Module 15 – Secure Code Attacks

Attacks on applications 3rd Party Vendors
OWASP What are the risks?
Injection Flaws Risk to the organization
Cross Site Scripting (XSS) Challenges
Broken Authentication and Session Analyzing Vendor Security
Management Managing the Risk
Insecure Direct Object Reference Outsourcing and Off Shoring
Cross Site Request Forgery (CSRF) Challenges
Misconfiguration of Security Ensure Security
Insecure Cryptographic Storage Tools of the Trade
Failure to Restrict URL Access Summary
Insufficient Transport Layer Protection LAB 8 – Doing a Scan on a Web Service
Invalidated Redirects/Forwards

Module 16 – Securing Applications

What is Software Security? Threat Modeling
Security Terms Traceability Matrix
Attack Vectors OWASP Guides
Threats Discussion
S-SDLC Framework LAB 9 – Vulnerability Software Scanning
 9

Module 17 – Risk Management

Overview Identify Risks
Risk Management Risk Analysis
Why ERM Is Important Identify Assets and Value
Integration of Risk Management into the Identify Threats and Risks
SDLC Determine Impacts
Phase: Requirements Impact vs. Cost to Mitigate
Phase: Design Classify Risks
Phase: Implementation Develop Mitigation Plan
Phase: Integrate / Release Implement
Important Terms Validating Fixes
The Importance of Risk Management Reporting Your Findings
NIST KEYS FOR SUCCESS
When Should it Start www.somap.org
Risk Management Process Review
Know The Business

Module 18 - Security Architecture Design

Overview Secure By Design
Secure Architecture Design Design Considerations
Architecture and Design The SD3 Framework
Security Architecture – Multi-layer Understanding the Environment
SAL – focus on Standardization Discuss Technical Issues
Design for Security Security in Layers
Architectural design Attacks
Protection Man-in-the Middle
What to Consider During Design Session Hijacking
Design Guidelines Buy vs. Build
Design It Secure Secure your Data
The Economics of Software Filters
Forces in Software Things to Remember
Design Considerations Review
Secure Product Development Timeline

Module 19 – Mobile Application Security

Two types of Vulnerabilities
Activity Monitoring and Data Retrieval
Unauthorized Dialing, SMS, and Payments
Unauthorized Network Connectivity
UI impersonation
System Modification (rootkit, APN, proxy
config)
Logic or Time Bomb [CWE-511]
Sensitive Data Leakage [CWE-200]
Unsafe Sensitive Data Storage [CWE-312]
Unsafe Sensitive Data Transmission [CWE-
319]
Hardcoded Password/Keys [CWE-798]

Additional Lab Exercises-

Linux Fundamentals
Report Writing