Cloud Computing Search

Monday, June 17, 2013

Certified Web Application Security Professional, Hands-on workshop on 21st & 22nd June, 2013








Computer Society of India Mumbai Chapter
Two days hands-on workshop on:
Certified Web Application Security Professional
21st to 22nd June 2013, 9.30 am to 5.30 pm, Mumbai
Introduction
The course provides comprehensive coverage of web application security. It presents security guidelines and considerations for web application development. Participants will learn the basics of application security, how to enforce security in a web application, and the basics of Threat Modeling, Threat Profiling, OWASP Top Ten Testing, Black Box Testing, and Source Code Reviews.
Objectives of the course
Upon completion of this course, participants will be able to:
  • Understand the need for security
  • Understand the various security threats and countermeasures
  • Design and develop secured web applications
Who Should Attend
  • All web app developers, testers, designers who wish to improve their security skills
  • Developers and System Architects wishing to improve their security skills and awareness
  • Team Leaders and Project Managers
  • Security practitioners and managers
  • Auditors
  • Anyone interested in techniques for securing Web applications
  • QA analysts who want to learn the mechanics of Web applications for better testing
Registration Fees
  • CSI Members: Rs. 10,000/- per participant
  • Non CSI Members: Rs. 12,000/- per participant
  • (Group discount is available for a minimum of 5 registrations)
Course Contents
Session One: Introduction and Case Study
  • Module 1: Web Hacking Case Studies
  • Module 2: Business Risks from Application Vulnerabilities
Session Two: Web 2.0 Security
  • Module 3: What is Web 2.0?
  • Module 4: AJAX Vulnerabilities
  • Module 5: What are Web Services?
  • Module 6: Web Services Vulnerabilities
Session Three: Threat Modeling – Web Application Security Controls
  • Module 7: Application Security – An Overview
  • Module 8: Threat Modeling – Objectives
  • Module 9: Threat Modeling – Meaning and terminology
  • Module 10: Hacker's Interest Area
  • Module 11: Threat Profiling
  • Module 12: Practical Considerations
  • Module 13: Case Study
Session Four: Introduction to web application vulnerabilities
  • Module 14: OWASP Top Ten
  • Module 15: OWASC List of Vulnerabilities
Session Five: Functional v/s Security testing
  • Module 16: What is Functional testing?
  • Module 17: What is Security testing?
  • Module 18: Differences
  • Module 19: Tools for Functional and Security testing
Session Six: Web application in-securities practical hands-on
  • Module 20: Demo of web vulnerabilities with insecure web applications.
Session Seven: Secure Coding Techniques
  • Module 21: Best Practices
  • Module 22: Secure J2EE Programming
  • Module 23: Secure .NET Programming
  • Module 24: Secure PHP Programming
Session Eight: Significant OWASP Projects
  • Module 25: OWASP Development Guide
  • Module 26: OWASP Testing Guide
  • Module 27: OWASP Code Review Guide
Session Nine: Flash Attacks
Session Ten: IFrame Attacks
Session Eleven: Continuous security testing and assessments
  • Module 28: Risk based approach
  • Module 29: Risks from Outsourcing
  • Module 30: Conducting VAPT, Source code audits, Infrastructure reviews
Faculty Profile
Wasim Halani currently serves as a Senior Security Analyst in the Technical Assessment team. His work mainly focuses on conducting Security Audits, Vulnerability Assessment and Penetration Testing for premier clients. He has also handled some unique projects over the past two years, like Social Engineering, Wireless Network Assessments, WAP Service testing and KIOSK Risk Assessment.

He possesses strong analytical skills and likes to keep himself involved in learning new attack vectors, tools and technologies, which allow him to conduct in-depth testing of applications during a penetration testing exercise. During his free time, he likes to research advanced topics like Malware Analysis and Exploit Development. He is a Certified Professional Hacker (CPH) and also provides training services.
Application Security
  • Well versed with OWASP – Top Ten and WASC Threat Classifications
  • Expertise in Vulnerability Assessment and Penetration Testing of Web Applications
  • Business-Logic based application testing
  • Penetration testing of WAP/WML services
Network Security
  • Good knowledge of TCP/IP fundamentals
  • Worked on security for a range of Operating Systems, databases, web servers and mail servers.
  • VPN Assessment
  • Firewall and Router Configuration Review
  • Worked on security for a VoIP technology
Wireless Security
  • Cracking WEP encryption
  • Auditing WPA and WPA2 encryption
  • Wireless network implementation review
Forensics
  • Disk Imaging with Encase
  • Web Server Log Review
  • Fraud Investigation
  • Email Address Tracking
  • File Recovery
Penetration Testing 2.0
  • Social Engineering
  • Phishing
  • Client-side Attacks
Conducts trainings on the following subjects
  • Certified Professional Hacker
  • Exploit Development
  • Advance Metasploit
  • Wireless Security
  • Network Security Auditing
  • Database Security Auditing
Over the past two years, Wasim has been exposed to a variety of different applications and network environments which have helped him enhance his understanding and technical skills.
  • Operating Systems: Windows XP/2000/2003/Vista/7, Linux, Unix (Solaris), HP-Unix.
  • Databases: MS SQL Server, Oracle, MySQL
  • Servers: FTP, TFTP, DHCP, Web Servers (IIS, Apache), Mail Servers (Sendmail, SquirrelMail), Domain Controller (Active Directory)
While conducting security assessments, Wasim has familiarized himself with many of the popular tools available. A few of the tools he regularly uses are:
  • Nmap, Tenable Nessus, Metasploit, BurpSuite Pro, Wireshark, NetCat, Aircrack-ng suite, Cain & Abel, tcpdump, Ettercap, Pwdump/Fgdump, Brutus, John-the-Ripper, Hydra, OphCrack, Wikto, W3AF, IkeScan, IkeProbe.
  • He's also comfortable with the Backtrack 4 Penetration Testing OS.
  • Programming Languages: C, C++, HTML, Perl, JAVA, Visual Basic 6, JavaScript, SQL, Visual C#.Net, XML, PHP.
Venue & For Registration Contact
Harshavardhan Mane
CSI Mumbai Chapter,
Unit no 3, 4th floor, Samruddhi Venture,
MIDC, Andheri East, Mumbai - 400093.
Tel: 022 28235476 / 28235548,
(Mobile) 9819089527, 9664926800,
Fax: 022 28235546
Terms & Conditions
- All payments should be made in the name of "CSI Mumbai Chapter", payable at Mumbai.
- The mentioned fees are inclusive of all taxes and charges.
- Registration fees cover courseware, lunch, tea/coffee and CSI Certificate.
- Group discount is available for a minimum of 5 registrations.
- Non CSI Members can avail a discount in fees by becoming a member of the society. For details, visit: http://www.csimumbai.org
Payment is to be made in favor of 'CSI Mumbai Chapter', A/c No. 054401002573, payable at ICICI Bank, MIDC, Andheri East Branch, Mumbai-400093, RTGS/NEFT Code: ICIC0000544. (All major VISA / Master credit / debit cards will be accepted.)
Participation is only through advance registration. (Batch size: 20 participants only.) Note: Outstation participants need to confirm at least 2 days prior to the commencement of the training.