Technical Training Track C


Trainer: Shreeraj Shah (Net-Square)
Duration: 2 days
Cost: 150BD/USD400 (Early Bird) || 200BD/USD530 (Non Early Bird)

Title: Web Applications: Attacks and Defense
Abstract: This course is an intense two-day journey into the innards of web application security. Brought to you by the authors of Web Hacking: Attacks and Defense, the class is based on case studies of real-life web applications riddled with security problems. Participants gain hands-on experience in performing thorough application security reviews, as well as in secure coding and application deployment techniques.

The course is based on a proven application testing methodology, encompassing black box and white box testing techniques, application security principles and practices, and real-world examples.

During the course, the participants are introduced to a web application, which they have to secure by the end of the training class. The application lockdown exercise takes the participants through concepts such as:

* Understanding application security issues
* Application testing methodologies
* Secure application deployment
* Secure coding techniques
* Security by design

The Web Applications: Attacks and Defense class features web applications written using ASP or PHP, encompassing security issues such as:

* Exception handling
* SQL injection
* Remote command execution
* Data tampering
* Cross site scripting

The advanced edition of the Web Applications: Attacks and Defense class features a more complex web application, written using ASP, PHP, ASP.NET or Java/JSP. In addition to the regular class, the advanced edition class includes security issues such as:

* Authentication
* Preventing session hijacking
* Privilege escalation
* Advanced SQL security with stored procedures

This class involves rigorous hands-on exercises.

Key Learning Objectives:

* Problems that occur when developing a web application
* Security issues when deploying a web application
* Web application security testing
* Securely configuring web servers
* Secure coding techniques
* Spotting basic errors in web application code
* Basic error handling techniques

General Learning Objectives:

* Developing procedures to test and maintain the security of a web application
* Source code review procedures
* Proficiency with security testing tools and procedures

Who Should Attend:

* Developers: Learn what can go wrong with badly written application code, and how to prevent such errors.
* Web site administrators: Learn how to securely configure a web server and an application server, without compromising on functionality.
* Application security analysts: Learn how to systematically analyze and audit a web application.
* Project managers / IT managers: Learn how to maintain a secure web application effectively going forward.

About Shreeraj:

Shreeraj founded Net-Square in January 2000, to establish the company as a strong security research and security software development company. Net-Square has been instrumental in developing and exporting web security components to companies such as Foundstone and NT OBJECTives. He leads the research and development arm of Net-Square. He has over 5 years of experience with system security architecture, system administration, network architecture, web application development and security consulting, and has performed network penetration testing and application evaluation exercises for many significant companies in the IT arena. In the past, Shreeraj worked with Chase Bank and IBM in the area of web security.

Shreeraj graduated from Marist College with a Masters in Computer Science, and has a strong research background in computer networking, application development, and object-oriented programming. He received his graduate degree in Computer Engineering from Gujarat University, and an MBA from Nirma Institute of Management, India. Shreeraj has also authored a book titled “Web Hacking: Attacks and Defense”, published by Addison Wesley.

Posted by Administrator @ 2004-11-30 1:21 pm
