IT Security Training

Web Application Hacking

Who should attend : Application Developers, Application Security Analysts, Technical Managers, Application Architects, Application Testers, Penetration Testers, Security Professionals, Auditors, Students majoring in Software Engineering / Development

Prerequisite skills : a basic understanding of web application technology and concepts such as HTML and JavaScript

Course Outline

The gaping security loopholes in Web applications are being exploited by hackers worldwide. According to a research by the Gartner Group :

• Almost three-fourths of all Internet assaults are targeted at Web applications.
• Estimated 70% of all security breaches are due to vulnerabilities within the web application layer (attacks exclusively using the HTTP/HTTPS protocol) leading to the theft of sensitive corporate data such as credit card information and customer lists.
• Traditional security mechanisms such as firewalls and IDS provide little or no protection against attacks on your web applications

Hackers are concentrating their efforts on web-based applications - shopping carts, forms, login pages, dynamic content, etc. Accessible 24/7 from anywhere in the world, insecure web applications provide easy access to backend corporate databases.

This course :

• Provides web application developers with an understanding of application security issues and attack vectors, and the skills, tools and techniques necessary to code defensively against web attacks.
• Show how hackers can abuse web applications, and what developers can do to prevent this.
• Show how developers and testers can test their own applications in order to determine if they are susceptible to web application attacks.

Focus will be maintained on security strategies rather than coding level implementation