TECH TRAINING 1 - Advanced Web Application & Services Hacking

Filed under: Main Page — Administrator @ 7:45 pm

April 13, 2006

Title: Advanced Web Application & Services Hacking
Trainer: Umesh Nagori (Vice President, Net-Square) & Lyra Fernandes (Principal Analyst, Net-Square)
Capacity: 24 pax
Seats left: CLASS IS FULL
Duration: 2 days
Cost: (per pax) RM2800 (early bird) / RM3200 (non early-bird)



Web application security is a growing concern: Web and application servers are regularly attacked through security loopholes or vulnerabilities in code or design. Adding to this concern are next-generation applications, which are on the fast track and more appealing to the user, utilizing dynamic AJAX scripts, Web services and newer Web technologies to create intuitive and easy interfaces. The only constant in this space is change. In this dynamically changing scenario it is important to understand new threats as they emerge in order to build constructive strategies to protect corporate assets.

This two-day workshop will expose students to both aspects of security: attack and defense. To think of newer Web applications without Web services is a big mistake. Sooner or later existing applications will be forced to migrate to the new framework. This workshop includes several cases, demonstrations and hands-on exercises with newer tools to give you a head start over others in the field.

The following topics will be covered in-depth during these sessions:

  • Web Security Fundamentals and Principles, Trends and Opportunities
  • Methods, Components and Protocols (HTTP, HTTPS and SOAP)
  • Web application assessment methods – Blackbox and Whitebox approaches
  • Web application Deployment and Security Deployment issues
  • Web application Footprinting, Discovery and Profiling
  • Search engines and their role in Web Application hacking (Google & MSN)
  • Web application attack vectors and assets-to-attacks-mapping
  • XML-based attacks
  • SQL, LDAP, XPATH injection techniques
  • XSS, Cross-site cookie spoiling and AJAX-hacking
  • Web services frameworks
  • Web services footprinting, discovery and profiling
  • Web services attacks
  • Web application firewall – Build and Deploy
  • Web security controls and best practices
  • Secure coding and reverse engineering methods
  • Tools and Techniques
  • Hands-on challenges and labs

    About the trainer

    ** Due to a medical condition, Shreeraj Shah will not be conducting this training class. The training will instead be conducted by Mr. Umesh Nagori and Ms. Lyra Fernandes.

    Umesh Nagori

    Umesh currently works as VP Business Development for the IT Security Practices at Net-Square. Umesh also provides information security consulting services and training to Net-Square clients, specializing in Web hacking and security. He brings more than 10 years of experience in information technology. Starting in software development, he has played key roles in various other areas of information technology such as system administration and network management, system analysis, training and project management. He has over 6 years of experience with web application development, application and system security architecture, network architecture, security consulting and security training.

    Prior to joining Net-Square, Umesh worked as Sr. System Analyst (IT Application) at Hughes Network Systems, USA (HNS). In his capacity as Sr. System Analyst, he played a key role in overseeing web development and application security for the internet-facing applications at HNS.

    Prior to HNS, Umesh worked as Principal Consultant at iROMYX Inc. His experience at iROMYX provided him with numerous challenging projects at clients like Cisco, Motorola, NEC, Carlson, Sycamore, VIAG Interkom (Germany) and many others. Apart from web application development for public-facing applications, he contributed significantly to many clients in designing the security for their web applications.

    Prior to his experience in the USA, Umesh worked as a Research Assistant at the Indian Institute of Management, Ahmedabad (India), where he served as system and network administrator for the IIMA networks, web designer/developer for the IIMA Internet and Intranet applications, and training instructor.

    Umesh graduated from Gujarat University with a bachelor’s degree in Commerce. He has also successfully completed BS7799 Lead Auditor Course.

    Lyra Fernandes

    At Net-Square, Lyra is part of the consulting team and participates in Web application security assessment and source code review assignments. She has a strong training background and is also responsible for developing and managing research and training material. Prior to joining Net-Square, Lyra was a Senior Faculty at Aptech Computer Education and Cybersoft Systems. Besides her strong training background, she has also worked on web administration and design in her tenure at Cybersoft Systems. Lyra graduated with a Bachelor’s degree in Physics from Gujarat University, followed by a post-graduate Diploma in Computer Applications. She has also cleared the Sun Solaris System Administration Certification.

  • Event Organizer

    Hack In The Box (M) Sdn. Bhd.
