
Hacking Extreme: Web Applications

Instructors: Marco Lorenz, Tobias Klein, Steffen Tröscher and Stefan Middendorf (all consultants at cirosec)

Length: 3 days

Web-based applications are becoming a favorite point of attack, not only because more and more companies are providing Web services, online shops, banking applications, employee portals and other interactive applications with Web frontends, but also because new methods are available for attacking and manipulating these systems.
"Extreme Hacking: Web Applications" is a new course based on our successful "Extreme Hacking" course that, as the name implies, deals with attacks on Web applications and the databases located behind them.
This intensive course teaches the methods attackers use, including both well-known and lesser-known techniques for attacking Web applications and the databases and backends located behind them, all with a very practical approach supported by numerous laboratory exercises.
In these exercises, we explain the theory and practice behind buzzwords such as "SQL injection", "hidden manipulation", "cross-site scripting" and many others.
Each course participant has the use of an individual notebook containing an extensive assortment of tools, making it possible to gain personal, practical experience with the attacker's point of view. The trainers carry out security audits on a regular basis, and are known as experts in the field of application security.

Examples of the subject areas covered:
• Load Balancer Spotting and Fingerprinting
• Proxy Spotting and Fingerprinting
• Web Server Fingerprinting
• Crawler
• Classic Software Vulnerabilities in Web Server Services (Buffer Overflows, etc.)
• Directory Listings
• Vulnerabilities in the Application Logic
• Command Injection
• Vulnerabilities During Data Upload
• Classic Software Vulnerabilities Within the Application (Buffer Overflows, etc.)
• Directory Traversal
• SSL Man in the Middle and SSL Vulnerabilities
• Systematic Password Guessing
• Systematic Guessing/Predicting of Session IDs
• (Advanced) Cross-Site Scripting
• Session Fixation
• Web Spoofing
• Phishing
• (Advanced) SQL Injection

Systems covered:
Unix or Windows-based Web servers, databases, application servers, etc.

Target group:
Administrators and security officers who are not afraid to see security through the eyes of the attacker, and thus to delve very deeply into the attacker's world. Also of interest to developers and administrators of Web servers and e-business systems.

This course is to be regarded as "advanced" training, and the number of participants is limited to enable individualized instruction and maximum effectiveness.

Prerequisite:
Basic knowledge of Web servers, HTTP and HTML.
Prior participation in the course "Extreme Hacking" is helpful.

Price:
2.400 €

Dates:
04 - 06 November 2008 Cologne
16 - 18 December 2008 Munich
28 - 30 April 2009 Stuttgart
16 - 18 June 2009 Hamburg
22 - 24 September 2009 Stuttgart
24 - 26 November 2009 Cologne
15 - 17 December 2009 Munich

Place:
The training course will take place in fine, specially selected hotels:

• Hamburg: East Hotel
• Cologne: Hilton Hotel
• Munich: Novotel München City
• Stuttgart: nestor Hotel Ludwigsburg

We would be happy to reserve a room for you at a special rate in the hotel where the training course will take place.
