IQ Networks Professional Services:

Security Audit
Policies
Design/Consulting
Implementation
Management
Documentation
Training
Data Protection
Computer Forensics

Auditing Web-Based Applications: Hands-on

There are numerous commercial and freeware tools that assist in locating network-level security vulnerabilities. These tools, however, cannot locate application-level issues in web-enabled services such as online shopping and banking sites.

This course demonstrates how to identify security weaknesses in web-enabled services that remote attackers could exploit. A security checklist covering the areas discussed in the course is included with the course material. The course defines the key threat areas, demonstrates how to remotely identify vulnerabilities within each area using publicly available software and manual techniques, and describes the steps required to eliminate or mitigate the exposures. Material is presented step by step and applies to e-commerce, online banking, shopping, and subscription-based sites.

This course is especially useful for those auditing a web-based application, developing one, or managing its development. All techniques and tools are demonstrated on a Windows platform; the course notes include documentation for performing the same tests from Unix systems. Students receive freeware and demonstration versions of the tools demonstrated in class, and have the opportunity to use them throughout the day against live web servers.

Course Topics Include

  • Information Gathering Attacks: How Hackers Read between the Lines to Get a Jump on Your Web Site
      • HTML and JavaScript
      • HTTP Headers
  • Third-party Products: The Use of Third-party Products Can Expose Your Customers' Data
      • Web-based Certificate Authorities
      • Microsoft and Entrust
  • User Sign-on Process: Many Sites Contain Serious Flaws that Expose Them to Bad Publicity and a Loss of Customer Confidence
      • User Name Harvesting
      • Password Harvesting
      • Resource Exhaustion
  • User Sign-off Process: Are Users Really Signed Off?
  • OS and Web Server Weaknesses
      • Buffer Overflows
      • Default Material
  • Encryption: Finding the Weakest Link
  • Session Tracking
      • URL Rewriting, Basic Authentication, and Cookies: Their Strengths and Weaknesses
      • Session Cloning, IP Hopping and Other Subtle Dangers
      • A Recipe for Strong Session IDs
  • Authentication: Server, Session, Transactional
  • Transaction-level Issues
      • Hidden Form Elements
      • Unexpected User Input
      • GET vs. POST
      • JavaScript Filters
      • Improper Server Logic
  • Web Browser Security
  • Server-side Techniques for Protecting Your Customers and Their Sensitive Data
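The session-tracking and sign-off topics in the list (session cloning, a recipe for strong session IDs, and whether users are really signed off) are only named above. The following is an added example written for this page, not course material from IQ Networks: it puts a guessable session ID scheme next to the recipe the list refers to, and shows why sign-off must invalidate state on the server. The weak scheme, the fixed clock value, the counters and the user names are all constructed for illustration.

```python
"""Weak vs. strong session identifiers (added example, constructed data)."""
import hashlib
import secrets
from typing import Optional


# ---- 1. A weak scheme of the kind the course warns about -------------------

def weak_session_id(epoch_seconds: int, counter: int) -> str:
    """Hypothetical weak scheme: issue time in seconds plus a per-second
    counter, hex encoded. Both fields are guessable, so the ID carries
    almost no secret."""
    return f"{epoch_seconds:08x}{counter:04x}"


def guess_weak_neighbours(observed: str, seconds_window: int = 2,
                          max_counter: int = 16) -> list[str]:
    """What an attacker who logged in legitimately and saw *one* weak ID can
    do: enumerate every ID issued in the surrounding seconds. Any hit is a
    session the attacker clones simply by presenting that ID (no IP check
    would stop it, since the request comes from a normal client)."""
    issued_at = int(observed[:8], 16)
    candidates = []
    for t in range(issued_at - seconds_window, issued_at + seconds_window + 1):
        for c in range(max_counter + 1):
            candidate = weak_session_id(t, c)
            if candidate != observed:
                candidates.append(candidate)
    return candidates


# ---- 2. The recipe: random, opaque, server-side state, real sign-off -------

class SessionStore:
    """Server-side session table keyed by a 128-bit CSPRNG token.

    * The token is opaque: it encodes no user name, time or counter, so
      nothing about one session helps guess another.
    * Only a SHA-256 digest of the token is stored; a leaked table does not
      hand out live sessions.
    * sign_off() deletes the server-side entry. Clearing the cookie alone
      would leave the session usable by anyone who copied the ID.
    """
    TOKEN_BYTES = 16  # 128 bits of entropy from the OS CSPRNG

    def __init__(self) -> None:
        self._sessions: dict[str, str] = {}   # token digest -> user name

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def sign_on(self, username: str) -> str:
        token = secrets.token_urlsafe(self.TOKEN_BYTES)
        self._sessions[self._digest(token)] = username
        return token

    def user_for(self, token: str) -> Optional[str]:
        return self._sessions.get(self._digest(token))

    def sign_off(self, token: str) -> bool:
        return self._sessions.pop(self._digest(token), None) is not None


def demo() -> dict:
    """Run both schemes on constructed data and report what the attacker gets."""
    issue_time = 0x3F000000                            # constructed clock value
    attacker_id = weak_session_id(issue_time, 2)       # attacker's own session
    victim_id = weak_session_id(issue_time + 1, 3)     # issued one second later
    guesses = guess_weak_neighbours(attacker_id)

    store = SessionStore()
    victim_token = store.sign_on("alice")              # constructed user name
    store.sign_off(victim_token)

    return {
        "weak_guesses_needed": len(guesses),
        "weak_victim_cloned": victim_id in guesses,
        "strong_token_bits": SessionStore.TOKEN_BYTES * 8,
        "strong_usable_after_sign_off": store.user_for(victim_token) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

With the default windows the attacker needs only 84 guesses to clone the victim's weak session; against the random 128-bit token the same enumeration is hopeless, and a copied token stops working the moment the server-side entry is removed at sign-off.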

To see the full list of our courses, please click here

Download the service brochure

If you would like more detailed information about our services and products by e-mail, please click here

 

Copyright IQ Networks, 2003