Why Secure Web Apps? Why now?
Security breaches are on the rise in a weakening global economy. It is no longer acceptable for an organization to field a development team that does not understand the threats against the applications it produces. This course is aimed at developers, security enthusiasts, and newcomers to the security community who want to take a dive into the attacker's world. Have you ever wondered how attackers break into applications and exploit their weaknesses? This course gives you the tools to perform your own assessments of your applications, carry out attacks against systems, and ultimately harden those systems against attack.
Agenda (see curriculum below)
Day 1 - April 7th, 2009
8:00-8:30 – Registration and networking breakfast
8:30-10:00 – Approach & HTTP methods of interest
10:00-10:15 – Break
10:15-12:00 – Assessing web apps & malicious file execution
12:00-1:00 – Lunch (boxed lunch included)
1:00-2:30 – Malicious & CH Caching
2:30-2:45 – Break
2:45-3:30 – Insecure communication
3:30-3:45 – Break
3:45-4:30 – Tools used
Day one is presentation style: lectures, live demonstrations, and questions and answers covering all aspects of web application security. The Open Web Application Security Project (OWASP) is discussed in depth, walking through each OWASP Top Ten category of web application security flaws and the remedies for the poor programming behind them.
Day two is entirely hands-on: live attacks against systems using multiple open-source tools. Isolated networks are constructed as a simulated attack environment, and students are walked through how to perform their own live assessments, use the exploits attackers rely on, and ultimately how to prevent these issues.
This is a must for any developer, security enthusiast, or anyone looking to get into the security field. Web applications are estimated to account for eighty-five percent of all breaches. Plunge into the dark arts of hacking and ask yourself one question: are you protected?
Secure Web Application Development Training Syllabus
Day 1 - Facilitated Discussion
Approach
o Non-Attribution
o Team Oriented
o Due Diligence
o Business Context
Information Security Overview
o Security as a Lifecycle
o Departmental Organization
o Managing Risk
Web Application Security Overview
o Why Web Application Security?
o Securing the Tiers
o Terminology
o HTTP Basics
Attack Surfaces
Query String Parameters
Form Fields
Cookies
HTTP Methods of Interest
GET
POST
TRACE/TRACK
OPTIONS
PUT
Assessing Web Applications
o Scoping
o Testing Methodologies
Black Box
Grey Box
White Box
o Environments
o Timing
OWASP - Open Web Application Security Project
o What is it?
o Projects/Tools
o Top 10 2007
Cross-Site Scripting (XSS)
Cross-Site Tracing (XST)
Clipboard Access
Injection Flaws
CRLF Injection/HTTP Response Splitting
OS Command Injection
XML/XSLT/XPATH Injection
HTML Injection
ORM Injection
SSI Injection
IMAP/SMTP Injection
LDAP Injection
SQL Injection
Malicious File Execution
Directory Traversal
Local File Inclusion
Remote File Inclusion
HTTP PUT Method
File Upload
FrontPage Remote Authoring
WebDAV – Internet Explorer
Insecure Direct Object Reference
Cross-Site Request Forgery
Information Leakage and Improper Error Handling
Default Files
Behavioral Error Messages
Broken Authentication and Session Management
Session Management
Session Replay Attacks
Predictable Session IDs
Session Fixation
Insecure Cryptographic Storage
Plaintext Storage
Encoding versus Encryption
Algorithms
o Substitution
o Encoding
Base64 ViewState
o Encryption
Salted
Unsalted
Hashing – Cain
Encoding - Cisco Type 7 Password
Caching
Insecure Communications
PlainText Protocols
Wardriving/Warchalking
Cookies
o Secure Attribute
o Persistent/Non-Persistent
o httpOnly
Secure Sockets Layer
o Protocol Versions
o Cipher Suites
Failure to Restrict URL Access
Security by Obscurity
Other Issues
o Poor Programming
o Broken Business Logic
o Denial of Service
Malformed Input
Resources not Properly Released
Memory Leaks
Race Conditions
Legitimate Request Flood
o Signedness
o Format String Vulnerabilities
o Canonicalization
o NULL Strings
o Buffer Overflows
o Integer Overflows
o Storage of Unnecessary Information
o Pseudo Random Number Generators
o Logging
Tools Used
o Commercial
AppScan
WebInspect
o Free
o Open Source
o Custom
o Benefits/Advantages
o Individual Tools
Ways to Improve Web Application Security
o Proactive Measures
o Reactive Measures
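The Day 1 items on HTTP methods of interest (TRACE/TRACK, OPTIONS, PUT), Cross-Site Tracing and the cookie Secure and httpOnly attributes come together in one check a tester runs against every response. The Python below is an added example written for this page, not code from the course or from any of the tools it lists; the two HTTP responses in it are constructed for illustration and the function names are the example's own.

```python
# Added example (not part of the course materials): audit a raw HTTP
# response for the Set-Cookie attributes and the HTTP methods that the
# Day 1 outline covers. Both sample responses are constructed, not captured.

RISKY_METHODS = {
    "TRACE": "reflects the request, cookies included: Cross-Site Tracing (XST)",
    "TRACK": "IIS alias of TRACE, same exposure",
    "PUT": "lets a client write files to the web root: malicious file execution",
    "DELETE": "lets a client remove server resources",
}

# Constructed login response: the session cookie is set without Secure or
# HttpOnly, while a harmless preference cookie has both.
SAMPLE_LOGIN_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: JSESSIONID=1A2B3C4D5E; Path=/\r\n"
    "Set-Cookie: prefs=dark; Path=/; Secure; HttpOnly\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>Welcome</body></html>"
)

# Constructed reply to an OPTIONS request advertising TRACE and PUT.
SAMPLE_OPTIONS_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Allow: GET, HEAD, POST, OPTIONS, TRACE, PUT\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)


def parse_headers(raw_response):
    """Return (name, value) pairs from a raw HTTP response. Header names are
    case-insensitive, so they are lower-cased; the status line and body
    are ignored."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit_cookies(headers):
    """Return (cookie_name, missing_attribute) for each Set-Cookie header that
    lacks Secure (cookie also travels over plaintext HTTP) or HttpOnly
    (cookie readable by script, so an XSS payload can steal the session)."""
    findings = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        for attr in ("Secure", "HttpOnly"):
            if attr.lower() not in attrs:
                findings.append((cookie_name, attr))
    return findings


def audit_methods(headers):
    """Return, sorted, the risky methods an Allow header advertises."""
    risky = set()
    for name, value in headers:
        if name == "allow":
            for method in value.split(","):
                method = method.strip().upper()
                if method in RISKY_METHODS:
                    risky.add(method)
    return sorted(risky)


def report(raw_response):
    """Human-readable findings for one response."""
    headers = parse_headers(raw_response)
    lines = []
    for cookie_name, attr in audit_cookies(headers):
        lines.append("cookie %s is missing the %s attribute" % (cookie_name, attr))
    for method in audit_methods(headers):
        lines.append("method %s is enabled: %s" % (method, RISKY_METHODS[method]))
    return lines


if __name__ == "__main__":
    for raw in (SAMPLE_LOGIN_RESPONSE, SAMPLE_OPTIONS_RESPONSE):
        for finding in report(raw):
            print(finding)
```

Feed `report()` the raw text of any response captured with a proxy such as Burp Suite; the Allow check only fires on replies to an OPTIONS request, which is why the outline lists OPTIONS among the methods worth sending by hand.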
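The Insecure Cryptographic Storage items above (encoding versus encryption, Base64 ViewState, Cisco type 7 passwords, salted versus unsalted hashing) are easiest to grasp side by side in code. The block below is an added example, not course material: the ViewState blob is constructed, the type 7 string is the widely circulated sample that decodes to "cisco", the XOR key is the publicly documented IOS constant, and PBKDF2 with SHA-256 is the example's own choice of salted hash (the outline names no particular algorithm).

```python
# Added example (not the course's own code): Base64 and Cisco type 7 are
# reversible encodings that hide nothing from an attacker; a salted,
# iterated hash is what password storage actually needs.
import base64
import hashlib
import hmac
import os

# Publicly documented XOR key used by IOS for "service password-encryption".
CISCO_TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def cisco_type7_decode(encoded):
    """Reverse a type 7 password: the first two characters are the decimal
    offset into the XOR key, the rest are hex bytes, each XORed with the key
    byte at (offset + position). No secret is involved, so it is encoding."""
    seed = int(encoded[:2])
    data = bytes.fromhex(encoded[2:])
    plain = bytes(b ^ CISCO_TYPE7_KEY[(seed + i) % len(CISCO_TYPE7_KEY)]
                  for i, b in enumerate(data))
    return plain.decode("ascii")


def cisco_type7_encode(plain, seed=8):
    """Forward direction, to show the scheme is symmetric and keyless."""
    data = plain.encode("ascii")
    enc = bytes(b ^ CISCO_TYPE7_KEY[(seed + i) % len(CISCO_TYPE7_KEY)]
                for i, b in enumerate(data))
    return "%02d%s" % (seed, enc.hex().upper())


def decode_viewstate(viewstate):
    """An ASP.NET ViewState that is not encrypted is plain Base64: anyone who
    sees the page source can read what the server stashed in it."""
    return base64.b64decode(viewstate)


def unsalted_hash(password):
    """Unsalted SHA-1: identical passwords give identical digests, so one
    rainbow table or one cracked hash covers every user with that password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def salted_hash(password, salt=None):
    """Per-user random salt plus PBKDF2 iterations, stored as salt$digest."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)
    return salt.hex() + "$" + digest.hex()


def verify_salted(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, _ = stored.split("$", 1)
    candidate = salted_hash(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)


# Constructed ViewState: a fake LOSFormatter prefix followed by a value a
# developer might wrongly assume is hidden from the browser.
SAMPLE_VIEWSTATE = base64.b64encode(
    b"\xff\x01" + b"dbhost=sql01.internal;role=admin"
).decode("ascii")

if __name__ == "__main__":
    print("ViewState decodes to :", decode_viewstate(SAMPLE_VIEWSTATE))
    print("type 7 0822455D0A16  :", cisco_type7_decode("0822455D0A16"))
    print("unsalted alice/bob   :", unsalted_hash("password"), unsalted_hash("password"))
    print("salted   alice/bob   :", salted_hash("password"), salted_hash("password"))
```

Run it and the two users sharing the password "password" get the same unsalted digest but different salted records, which is the whole difference between a dump that cracks in one pass and one that must be attacked per user. Tools such as Cain can automate type 7 decoding; the function above shows why it needs no cracking at all.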
Day 2 – Hands On
Understanding Web Application Attacks
Discovery
Profiling the site
Using non-evasive techniques
Understanding potential flaws without exploiting
Target List
Compiling a high value target list
Isolated attacks
IDS/IPS evasion techniques
Attacking
Attack Surfaces
Network
Operating System
Web Server
Web Application Layer
Client-Side
Keeping up-to-date
Different security groups out there
Conferences
Practice
Knowledge Database
Thinking like a hacker
Gaining access to the systems
o Attacking the system
o Gaining access
o Maintaining access
o Getting around anti-virus
Finding security flaws
Using multiple open-source tools
o Burp Suite
o Fast-Track
o Ratproxy/sqlmap
o DirBuster
o JBroFuzz
Buffer Overflows
o What they are and how to use them
o Why they happen
o Rewriting exploits
o Protection against buffer overflows
o Metasploit Framework
Mitigation strategies
o Protecting the database
o Server-side validation
o Stored procedures
o Parameterized SQL queries
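The Day 2 mitigation list ends with the controls most directly in a developer's hands: server-side validation, stored procedures and parameterized SQL queries. The Python below is an added example and not the course's own exercise code; it uses an in-memory SQLite database seeded with two constructed rows, a constructed injection payload, and a username whitelist chosen for the example. SQLite has no stored procedures, so that control is not shown; it only helps when the procedure itself binds its parameters rather than concatenating them.

```python
# Added example (not from the course materials): a login lookup built by
# string formatting is bypassed by a quote-and-comment payload; the same
# lookup with bound parameters is not, and a server-side whitelist rejects
# the payload before it reaches SQL at all.
import re
import sqlite3

# Whitelist chosen for the example: lowercase letters, digits, underscore.
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def make_db():
    """Seed an in-memory database with two constructed rows. Passwords are
    stored in clear only to keep the injection demonstration short; the
    Day 1 cryptographic storage material covers why production code must
    not do this."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Concatenation: the user's input becomes part of the SQL text."""
    sql = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """Bound parameters: the driver passes the values separately from the
    statement, so a quote or comment marker in the input is data, never syntax."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def valid_username(username):
    """Server-side validation as defence in depth: accept only the characters
    a username may contain, regardless of how the query is built."""
    return USERNAME_RE.fullmatch(username) is not None


def login_hardened(conn, username, password):
    """Validation plus parameterization, the combination the outline lists."""
    if not valid_username(username):
        return None
    return login_parameterized(conn, username, password)


# Constructed attack input: closes the string literal, then "--" comments
# out the rest of the WHERE clause, including the password check.
INJECTION_USERNAME = "alice' --"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable   :", login_vulnerable(db, INJECTION_USERNAME, "wrong"))
    print("parameterized:", login_parameterized(db, INJECTION_USERNAME, "wrong"))
    print("hardened     :", login_hardened(db, INJECTION_USERNAME, "wrong"))
```

The vulnerable path logs in as alice with a wrong password; the parameterized path returns nothing for the same input, and the hardened path never reaches the database. Note that the validation step alone is not the fix: a field that legitimately accepts apostrophes (a surname, a free-text comment) still needs the bound parameter.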