Onwards: Certified Web Application Security Professional ,Hands-on workshop on 21st & 22nd June,2013

Computer Society of India Mumbai Chapter Two days hands-on workshop on: Certified Web Application Security Professional 21^st to 22^nd June 2013, 9.30 am to 5.30pm, Mumbai
Introduction
The course is focused on a comprehensive coverage of web application security. It will present security guidelines and considerations in web applications development. The participants will learn the basics of application security, how to enforce security on a web application, Basics of Threat Modeling, Threat Profiling, OWASP Top Ten Testing, Black Box Testing, and Source Code Reviews.
Objectives of the course		Who Should Attend
Upon completion of this course, participants will be able to: Understand the need for security Understand the various security threats and countermeasures Design and Develop secured web applications		All web app developers, testers, designers who wish to improve their security skills Developers and System Architects wishing to improve their security skills and awareness Team Leaders and Project Managers Security practitioners and managers Auditors Anyone interested in techniques for securing Web applications QA analysts who want to learn the mechanics of Web applications for better testing
Registration Fees
CSI Members Rs. 10,000 /- Per Participant Non CSI Member Rs. 12,000/- Per Participant (Group Discount is available for minimum 5 number of registration)
Course Contents
Session One: Introduction and Case Study Module 1: Web Hacking Case Studies Module 2: Business Risks from Application Vulnerabilities Session Two: Web 2.0 Security Module 3: What is Web 2.0? Module 4: AJAX Vulnerabilities Module 5: What are Web Services? Module 6: Web Services Vulnerabilities Session Three: Threat Modeling – Web Application Security Controls Module 7: Application Security – An Overview Module 8: Threat Modeling – Objectives Module 9: Threat Modeling – Meaning and terminology Module 10: Hacker's Interest Area Module 11: Threat Profiling Module 12: Practical Considerations Module 13: Case Study Session Four: Introduction to web application vulnerabilities Module 14: OWASP Top Ten Module 15: OWASC List of Vulnerabilities Session Five: Functional v/s Security testing Module 16: What is Functional testing? Module 17: What is Security testing? Module 18: Differences Module 19: Tools for Functional and Security testing		Session Six: Web application in-securities practical hands-on Module 20: Demo of web vulnerabilities with insecure web applications. Session Seven: Secure Coding Techniques Module 21: Best Practices Module 22: Secure J2EE Programming Module 23: Secure .NET Programming Module 24: Secure PHP Programming Session Eight: Significant OWASP Projects Module 25: OWASP Development Guide Module 26: OWASP Testing Guide Module 27: OWASP Code Review Guide Session Nine: Flash Attacks Session Ten: IFrame Attacks Session Eleven: Continuous security testing and assessments Module 28: Risk based approach Module 29: Risks from Outsourcing Module 30: Conducting VAPT, Source code audits, Infrastructure reviews
Faculty Profile
Wasim Halani currently serves as a Senior Security Analyst in the Technical Assessment team. His work mainly focuses on conducting Security Audits, Vulnerability Assessment and Penetration Testing for premier clients. He has also handled some of the unique projects over the past two years, like Social Engineering, Wireless Network Assessments, WAP Service testing and KIOSK Risk Assessment.    He possesses strong analytical skills and likes to keep himself involved in learning new attack vectors, tools and technologies, which allow him to conduct in-depth testing of applications during a penetration testing exercise. During his free time, he likes to research on advance topics like Malware Analysis and Exploit Development. He is a Certified Professional Hacker (CPH) and also provides training services. Application Security Well versed with OWASP – Top Ten and WASC Threat Classifications Expertise in Vulnerability Assessment and Penetration Testing of Web Applications Business-Logic based application testing Penetration testing of WAP/WML services Network Security Good knowledge of TCP/IP fundamentals Worked on security for a range of Operating Systems, databases, web servers and mail servers . VPN Assessment Firewall and Router Configuration Review Worked on security for a VoIP technology Wireless Security Cracking WEP encryption Auditing WPA and WPA2 encryption Wireless network implementation review Forensics Disk Imaging with Encase Web Server Log Review Fraud Investigation Email Address Tracking File Recovery Penetration Testing 2.0 Social Engineering Phishing Client-side Attacks Conducts trainings on the following subjects Certified Professional Hacker Exploit Development Advance Metasploit Wireless Security Network Security Auditing Database Security Auditing Over the past two years, Wasim has been exposed to a variety of different applications and network environments which have helped him enhance his understanding and technical skills. Operating Systems: Windows XP/2000/2003/Vista/7, Linux, Unix(Solaris), HP-Unix. Databases: MS SQL Server, Oracle, MySQL Servers: FTP, TFTP, DHCP, Web Servers(IIS,Apache), Mail Servers(Sendmail, SquirrelMail), Domain Controller (Active Directory) While conducting security assessments, Wasim has familiarized himself with many of the popular tools available. Few tools he regularly uses are: Nmap, Teneble Nessus, Metasploit, BurpSuite Pro,Wireshark, NetCat, Aircrack-ng suite, Cain & Abel, tcpdump, Ettercap, Pwdump/Fgdump, Brutus, John-the-Ripper, Hydra, OphCrack, Wikto, W3AF, IkeScan, IkeProbe. He's also comfortable with the Backtrack 4 Penetration Testing OS. Programming Languages C, C++, HTML, Perl, JAVA, Visual Basic 6, JavaScript, SQL, Visual C#.Net, XML, PHP.
Venue & For Registration Contact	Terms & Conditions
Harshavardhan Mane CSI Mumbai Chapter, Unit no 3, 4^th floor, Samruddhi Venture, MIDC, Andheri East, Mumbai - 400093. Tel: 022 28235476 / 28235548, (Mobile) 9819089527, 9664926800, Fax: 022 28235546 Email: harsh@csimumbai.org / info@csimumbai.org csimumbai@vsnl.com Website : http://www.csimumbai.org	- All payment should be made in the name of "CSI Mumbai Chapter" Payable at Mumbai. - The mentioned fees are inclusive of all taxes and charges. - Registration fees covers courseware, lunch, Tea/Coffee and CSI Certificate. - Group discount is available for minimum 5 number of registration. - Non CSI Member can avail discount in fees by becoming member of the society for details visit : http://www.csimumbai.org Payment is to be made in favor of 'CSI Mumbai Chapter, A/c No. 054401002573 payable at ICICI Bank, MIDC, Andheri East, Branch, Mumbai-400093, RTGS/NEFT Code: ICIC0000544, (All Major VISA / Master Credit / Debit cards will be accepted)
Participation only through advance registration, (Batch size : 20 participants only) Note – Out station participants need to confirm at least 2 days prior to the commencement of the training
Disclaimer: This mail is not spam mail and is a genuine communication from Computer Society of India (CSI) Mumbai Chapter to its members and other IT Professionals to inform them about the forthcoming event. If you feel that this mail should not have been sent to you or you want similar communication to be sent to your different e-mail address, please reply to this mail and specify it in the message.