
Conference Materials: http://conference.hitb.org/hitbsecconf2007kl/materials/

Official Photos: http://photos.hitb.org

TECH TRAINING 1 - Advanced Web Application & Services Hacking

Filed under: Main Page — Administrator @ 7:45 pm

Title: Advanced Web Application & Services Hacking
Trainer: Shreeraj Shah (Director, BlueInfy)
Capacity: 34 pax
Seats left: REGISTRATION CLOSED
Duration: 2 days
Cost: (per pax) MYR2899 (early bird) / MYR3299 (non early-bird)

Content:

Web application security has been a growing concern. Web and application servers are regular targets of attackers who exploit security loopholes or vulnerabilities in code or design. Adding to this concern are next-generation applications: applications that are on the fast track and more appealing to the user, utilizing dynamic AJAX scripts, Web services and newer Web technologies to create intuitive and easy interfaces. The only constant in this space is change. In this dynamically changing scenario it is important to understand new threats as they emerge in order to build constructive strategies to protect corporate assets.

This two-day workshop will expose students to both aspects of security: attack and defense. To think of newer Web applications without Web services is a big mistake. Sooner or later existing applications will be forced to migrate to the new framework. This workshop includes several cases, demonstrations and hands-on exercises with newer tools to give you a head start over others in the field.

The following topics will be covered in-depth during these sessions:

  • Web Security Fundamentals and Principles, Trends and Opportunities
  • Methods, Components and Protocols (HTTP, HTTPS and SOAP)
  • Web application assessment methods - Blackbox and Whitebox approaches
  • Web application Deployment and Security Deployment issues
  • Web application Footprinting, Discovery and Profiling
  • Search engines and their role in Web Application hacking (Google & MSN)
  • Web application attack vectors and assets-to-attacks-mapping
  • XML-based attacks
  • SQL, LDAP, XPATH injection techniques
  • XSS, Cross-site cookie spoiling and AJAX-hacking
  • Web services frameworks
  • Web services footprinting, discovery and profiling
  • Web services attacks
  • Web application firewall - Build and Deploy
  • Web security controls and best practices
  • Secure coding and reverse engineering methods
  • Tools and Techniques
  • Hands-on challenges and labs


    About the trainer

    Shreeraj Shah

    Shreeraj Shah, B.E., MSCS, MBA, is the founder of Blueinfy, a company that provides application security services. Prior to founding Blueinfy, he was founder and board member at Net Square. He also worked with Foundstone (McAfee), Chase Manhattan Bank and IBM in the security space. He has performed several security consulting assignments in the areas of penetration testing, code reviews, web application assessments and security architecture reviews.

    He is also the author of popular books like Hacking Web Services (Thomson 06) and Web Hacking: Attacks and Defense (Addison-Wesley 03). In addition, he has published several advisories, tools, and whitepapers, and has presented at numerous conferences including RSA, AusCERT, InfosecWorld (Misti), HackInTheBox, Blackhat, OSCON, Bellua, Syscan, ISACA etc. His articles are regularly published on Securityfocus, InformIT, DevX, O’Reilly and HNS. He has been quoted as an expert by BBC, Dark Reading and Bank Technology.



  • Event Organizer


    Hack In The Box (M) Sdn. Bhd.

    Supported & Endorsed By


    Malaysian Communications and Multimedia Commission (MCMC)


    Malaysian Administrative Modernisation & Management Planning Unit

    Platinum Sponsors


    Microsoft Corporation

    Gold Sponsors


    SCANIT ME LLC

    Official Airline Partner


    Internet Bandwidth Sponsor


    Global Transit

    CTF Sponsor


    Scan Associates

    CTF Prize Sponsor


    Scan Associates

    Sponsor for Zone-H/HITB Hacking Challenge


    Ascendsys

    HITB Cinema Sponsor


    Avenuz Sdn. Bhd.

    Official Creation Station


    The Womb.com

    Our Speakers are Supported By


    F-Secure Corporation


    Arbor Networks


    Mediaservice.net


    Bellua Asia Pacific


    ERNW GmbH


    Mozilla Corporation


    Mu Security

    Supporting Media:

    Virus Bulletin (VB)

    (ISN) InfoSec News

    XAKEP (Russia)

    Insecure Magazine

    PHRACK Magazine

    Hakin9 Magazine

    Supporting Organizations


    Chaos Computer Club


    ISECOM - Institute for Security and Open Methodologies


    ISACA


    IT Underground


    X-Focus China

    Zone-H Defacement Mirror


    Xatrix Security


    Special Interest Group in Security & Information InteGrity Singapore


    Syscan