ISACA Hands-on: Remote Testing for Common Web Application Security Threats March 18, 2009
61 Grassmarket, Edinburgh
City of Edinburgh, Central Singapore EH1 2
City of Edinburgh, Central Singapore EH1 2
ISACA Scotland are delighted to announce theirSpring 2009training event in Edinburgh on March 19th 2009.
Speaker: David Rhoades, Maven Security Consulting, Inc www.MavenSecurity.com. David is a regular presenter and speaker for ISACA, and is speaking at Eurocacs in March 2009.
Requirement: You will need to bringyour ownlaptop. Please ensure you havefull administrative rights to install virtual machines to carry out the training. You can also take away this software to practice further.
Course Objectives
Understand the security threats facing web applications
Learn the tools and techniques to remotely validate a web application's security
Enhance secure programming practices by raising awareness and giving programmers the tools needed to audit their code from the user's perspective
Course Topics
Web Protocols Primer
Web protocols & standards (HTML, HTTP)
Session tracking and state mechanisms
HTTP authentication mechanisms
Tools for interception, manipulation, and analysis of web traffic
Common Web Application Security Threats
The Web Application Security Consortium (WASC) "Threat Classification" (http://www.webappsec.org/projects/threat/)
Classes of Attack; definitions and examples (including authentication, authorization, client-side attacks, command execution, information disclosure, and logic attacks)
The most popular forms of attack will be covered in the labs, such as Cross-site Scripting (XSS) and SQL Injection Remote tools and testing techniques for locating these vulnerabilities Cross references to the OWASP Top Ten will be given
Outcome
Attendees will be able to identify, understandand assesscommon website vulnerabilities to ensure common security issues are managed and addressed.
Further Information
If you have any questions regarding this event, please contact Paul Guckian at [email protected] or any of the other committee member at http://www.isaca-scotland.org.uk/contacts.htm
Ticket Info: SOLD OUT! - Standby List, Free
Official Website: http://isacascotland-upcoming.eventbrite.com
Added by eventbrite-events on March 19, 2009