
TECH TRAINING 1 - Advanced Web Application & Services Hacking

Filed under: Main Page — Administrator @ 7:45 pm

Title: Advanced Web Application & Services Hacking
Trainer: Shreeraj Shah (Director, Net-Square) & Umesh Nagori (VP, Business Development, Net-Square)
Capacity: 20 pax
Seats left: CLASS IS FULL
Duration: 2 days
Cost: (per pax) USD1299 (early bird) / USD1499 (non early-bird)



Web application security is a growing concern: Web and application servers are regularly targeted by attackers who exploit security loopholes or vulnerabilities in code or design. Adding to this concern are next-generation applications: applications that are on the fast track and more appealing to the user, using dynamic AJAX scripts, Web services and newer Web technologies to create intuitive and easy interfaces. The only constant in this space is change. In this dynamically changing scenario, it is important to understand new threats as they emerge in order to build constructive strategies to protect corporate assets.

This two-day workshop will expose students to both aspects of security: attacks and defense. To think of newer Web applications without Web services is a big mistake. Sooner or later existing applications will be forced to migrate to the new framework. This workshop includes several cases, demonstrations and hands-on exercises with newer tools to give you a head start over others in the field.

The following topics will be covered in-depth during these sessions:

  • Web Security Fundamentals and Principles, Trends and Opportunities
  • Methods, Components and Protocols (HTTP, HTTPS and SOAP)
  • Web application assessment methods - Blackbox and Whitebox approaches
  • Web application Deployment and Security Deployment issues
  • Web application Footprinting, Discovery and Profiling
  • Search engines and their role in Web Application hacking (Google & MSN)
  • Web application attack vectors and assets-to-attacks-mapping
  • XML-based attacks
  • SQL, LDAP, XPATH injection techniques
  • XSS, Cross-site cookie spoiling and AJAX-hacking
  • Web services frameworks
  • Web services footprinting, discovery and profiling
  • Web services attacks
  • Web application firewall - Build and Deploy
  • Web security controls and best practices
  • Secure coding and reverse engineering methods
  • Tools and Techniques
  • Hands-on challenges and labs

    About the trainer

  • Shreeraj Shah

    Shreeraj Shah, B.E., MSCS, MBA, is the founder of Net-Square, a company that provides security consulting, training and development services to the world’s leading software vendors, financial and professional service providers. Prior to founding Net-Square, he worked with Foundstone, Chase Manhattan Bank and IBM. He has performed several security consulting assignments in the areas of penetration testing, code reviews, web application assessments and security architecture reviews.

    He is also the author of Hacking Web Services (Thomson) and co-author of Web Hacking: Attacks and Defense (Addison-Wesley). In addition, he has published several advisories, tools, and whitepapers, and has presented at numerous conferences including RSA, AusCERT, InfosecWorld (Misti), HackInTheBox, Blackhat, OSCON, Bellua, Syscan, etc. His articles are regularly published on SecurityFocus, InformIT, DevX, O’Reilly and HNS. He has been quoted as an expert on BBC, Dark Reading and Bank Technology. You can read his blog at http://shreeraj.blogspot.com/

  • Umesh Nagori

    Umesh currently works as VP Business Development for the IT Security Practices at Net-Square. He also provides information security consulting services and training to Net-Square clients, specializing in Web hacking and security. He brings more than 10 years of experience in Information Technology. Starting in software development, he has played key roles in various other areas of Information Technology, such as system administration and network management, system analysis, training and project management. He has over 6 years of experience with web application development, application and system security architecture, network architecture, security consulting and security training.

    Prior to joining Net-Square, Umesh worked as Sr. System Analyst (IT Application) at Hughes Network Systems, USA (HNS). In his capacity as Sr. System Analyst, he played a key role in overseeing web development and application security for the internet-facing applications at HNS.

    Prior to HNS, Umesh worked as Principal Consultant at iROMYX Inc. His experience at iROMYX provided him with numerous challenging projects at clients like Cisco, Motorola, NEC, Carlson, Sycamore, VIAG Interkom (Germany) and many others. Apart from web application development for public-facing applications, he made significant contributions to many clients in designing the security for their web applications.

    Prior to his experience in the USA, Umesh worked as a Research Assistant at the Indian Institute of Management, Ahmedabad (India), where he served as system and network administrator for IIMA networks, web designer/developer for the IIMA Internet and Intranet applications, and training instructor.

    Umesh graduated from Gujarat University with a bachelor’s degree in Commerce. He has also successfully completed the BS7799 Lead Auditor Course.

    Event Organizer

    Hack In The Box (M) Sdn. Bhd.
