Web Hacking – Exploits and Countermeasures

Speaker: Justin Peltier
Chief Technology Officer
Peltier and Associates

Presentation Overview:

Port 80 has been called the highway into the network. How secure is your highway? If you’re not sure, it’s time to explore Web hacking. In this two-day, hands-on seminar, we will probe the security of Web-enabled applications and exploit common vulnerabilities. This class helps you develop a skill set that is essential to security testing as more applications become Web-enabled. At the end of this course, you will be able to assess Web applications and compromise common vulnerabilities.

Time-Based Objectives:

Day One

    Key Objectives:

  • SSL function and potential vulnerabilities
  • SQL injection
  • XSS (Cross-site scripting)
  • Parameter tampering
  • Cookie manipulation
  • E-shoplifting

    Key Take-Aways:

  • Assess web authentication
  • Assess web inputs for vulnerabilities
  • Assess web database interfaces for security holes
  • Demonstrate the impact of these vulnerabilities

Profiling the server — We will start by running queries against the Web server and observing its responses. We will then move on to SSL, evaluating how it functions and examining it for security vulnerabilities. Finally, we will look at common Web application authentication mechanisms and the security strengths and weaknesses of each.

Day Two

Common mistakes — We will start the day by performing parameter manipulation. This will lead to examples of e-shoplifting and vulnerabilities in various systems. Next we will look at a specific type of parameter manipulation — cross-site scripting (XSS), working with both reflected and stored cross-site scripts. We will conclude the course by working with SQL and, more specifically, SQL injection statements.

Prerequisites:

Possess a working knowledge of basic network security and a solid grasp of TCP/IP and fundamental networking concepts. We recommend taking CSI’s Hands-on Hacking course before this course.