Technical Training Track A


Trainer: Meling Mudin (spoonfork)
Duration: 2-days
Cost: 150BD/USD400 (Early Bird) || 200BD/USD530 (Non Early Bird)

Title: Network Intrusion Detection Systems - NIDS

This course is a two-day intrusion detection course with emphasis on network intrusion detection. In this course, you will obtain valuable insights into network IDS, how they work, what they do and how they will play a vital role in your overall security infrastructure. To demonstrate this, you will be introduced to hackers and the tools of their trade. The journey then take you into the world of Snort, a popular network IDS. You will be doing hands-on exercises where you will use Snort to detect
attacks. You will also learn how to write Snort rules. The knowledge that you gain from this will help you to decide which NIDS is the best for your needs, how you will deploy and operate NIDS, and getting the most out of your IDS.

Workshop prerequisites

1. Knowledge in Linux Operating System. Participants are expected to know how to install and configure software in Linux.
2. TCP/IP and networking knowledge.

Target audience Network security administrators, system administrators, IT managers

Course Overview

1.0 Network Security, Hackers and Their Tools
1.1 Hackers and their tools
1.2 Defense-in-depth.
1.3 Hands on exercises: Using popular open-source hacking tools

2.0 Introduction to Intrusion Detection System
2.1 What is an IDS
2.2 Host-based IDS
2.3 Network-based IDS
2.4 Detection method
2.5 Usage of IDSs
2.6 Strengths and Weaknesses of IDS
2.7 Honeypot

3.0 Snort Network Intrusion Detection System
3.1 Introduction to Snort
3.2 Snort architecture, installation, configuration and operation
3.3 Hands on exercises: install, configure and run Snort

4.0 Snort Signature In-depth
4.1 Snort Signatures
4.2 Hands on exercises: writing Snort rules

5.0 Analyzing Snort Logs
5.1 Analyzing Snort Logs
5.2 Hands on exercises: perform attacks and analyze Snort output

6.0 Other IDSes
6.1 A look at some popular commercial and open-source IDS system

7.0 IDS Deployment
7.1 IDS deployment strategies
7.2 Issues and considerations

About Meling

Meling Mudin is a CTO of a start-up company focused on the development of correlation and event log management from various security devices. He was previously a security consultant and system architect at SCAN Associates, where he led the development of a security monitoring system for the Malaysian Government. He is also responsible for the annual HITBSecConf Capture the Flag game. Mr. Mudin also consults under Hack In The Box (M) Sdn. Bhd. In the past, he has worked as system administrator and programmer.

Posted by Administrator @ 2004-11-30 1:23 pm
Technical Training Track B


Trainer: Jorge Sebastiao (ESGulf)
Duration: 2-days
Cost: 150BD/USD400 (Early Bird) || 200BD/USD530 (Non Early Bird)


Posted by Administrator @ 2004-11-30 1:22 pm
Technical Training Track C


Trainer: Shreeraj Shah (Net-Square)
Duration: 2-days
Cost: 150BD/USD400 (Early Bird) || 200BD/USD530 (Non Early Bird)

Title: Web Applications: Attacks and Defense
Abstract: This course is an intense two-day journey into the innards of web application security. Brought to you by the authors of Web Hacking: Attacks and Defense, the class is based on case studies of real-life web applications riddled with security problems. Participants are given a hands-on experience in performing thorough application security reviews, as well as secure coding and application deployment techniques.

The course is based on a highly proven application testing methodology, encompassing black box and white box testing techniques, application security principles and practices, and real world examples.

During the course, the participants are introduced to a web application, which they have to secure by the end of the training class. The application lockdown exercise takes the participants through various concepts such as:

* Understanding application security issues
* Application testing methodologies
* Secure application deployment
* Secure coding techniques
* Security by design.

The Web Applications: Attacks and Defense class features web applications written using ASP or PHP, encompassing security issues such as:

* Exception handling
* SQL injection
* Remote command execution
* Data tampering
* Cross site scripting

The advanced edition of the Web Applications: Attacks and Defense class features a more complex web application, written using ASP, PHP, ASP.NET or Java/JSP. In addition to the regular class, the advanced edition class includes security issues such as:

* Authentication
* Preventing session hijacking
* Privilege escalation
* Advanced SQL security with stored procedures

This class involves rigorous hands-on exercises.

Key Learning Objectives:

* Problems that occur when developing a web application.
* Security issues when deploying a web application.
* Web application security testing
* Securely configuring web servers
* Secure coding techniques
* Spotting basic errors in web application code
* Basic error handling techniques

General Learning Objectives:

* Developing procedures to test and maintain the security of a web application.
* Source code review procedures.
* Proficiency with security testing tools and procedures

Who Should Attend:

* Developers: Learn what can go wrong with badly written application code, and how to prevent such errors.
* Web site administrators: Learn how to securely configure a web server and an application server, without compromising on functionality.
* Application security analysts: Learn how to systematically analyze and audit a web application.
* Project managers / IT managers: Learn how to be effective in maintaining a secure web application, going ahead.

About Shreeraj:

Shreeraj founded Net-Square in January 2000, to establish the company as a strong security research and security software development company. Net-Square has been instrumental in developing and exporting web security components companies such as Foundstone and NT OBJECTives. He leads research and development arm of Net Square. He has over 5 years of experience with system security architecture, system administration, network architecture, web application development, security consulting and has performed network penetration testing and application evaluation exercises for many significant companies in the IT arena. In the past Shreeraj worked with Chase Bank and IBM in area of web security.

Shreeraj graduated from Marist College with a Masters in Computer Science, and has a strong research background in computer networking, application development, and object-oriented programming. He received his graduate degree in Computer Engineering from Gujarat University, and an MBA from Nirma Institute of Management, India. Shreeraj has also authored a book titled “Web Hacking: Attacks and Defense” published by Addison Wesley.

Posted by Administrator @ 2004-11-30 1:21 pm
Technical Training Track D


Trainer: Anthony Zboralski (Gaius)
Duration: 2-days
Cost: 150BD/USD400 (Early Bird) || 200BD/USD530 (Non Early Bird)


Posted by Administrator @ 2004-11-30 1:18 pm

Event Organizers

E-Security Gulf Group  

Hack In The Box (M) Sdn. Bhd.  


Microsoft Corporation  

Argus Systems Group 

Bahrain International Circuit 

Gulf Air 

Kingdom University, Bahrain 

Instec Digital Systems 

Oracle Corporation 


Duroob Technology 

Qatar Airways 

Supporting Organizations

Bellua Asia Pacific  

X-Focus China  

Bahrain Information Technology Society 

Hack In The Box (M) Sdn. Bhd.