Title: Advanced Web Application & Services Hacking
Trainer: Shreeraj Shah (Director, Net-Square) & Umesh Nagori (VP, Business Development, Net-Square)
Capacity: 20 pax
Seats left: CLASS IS FULL
Duration: 2 days
Cost: (per pax) USD1299 (early bird) / USD1499 (non early-bird)

REGISTER NOW

Content:

A growing concern has been Web application security Web and application servers are the target of regular attacks by attackers that exploit security loopholes or vulnerabilities in code or design. Adding to this concern are next generation applications; applications that are on the fast track and more appealing to the user, utilizing dynamic AJAX scripts, Web services and newer Web technologies to create intuitive and easy interfaces. The only constant in this space is change. In this dynamically changing scenario it is important to understand new threats that emerge in order to build constructive strategies to protect corporate assets.

This two day workshop will expose students to both aspects of security: attacks and defense. To think of newer Web applications without Web services is a big mistake. Sooner or later existing applications will be forced to migrate to the new framework. This workshop includes several cases, demonstrations and hands-on exercises with newer tools to give you a headstart over others in the field.

The following topics will be covered in-depth during these sessions:

Web Security Fundamentals and Principles, Trends and Opportunities

Methods, Components and Protocols (HTTP, HTTPS and SOAP)

Web application assessment methods - Blackbox and Whitebox approaches

Web application Deployment and Security Deployment issues

Web application Footprinting, Discovery and Profiling

Search engines and their role in Web Application hacking (Google & MSN)

Web application attack vectors and assets-to-attacks-mapping

XML-based attacks

SQL, LDAP, XPATH injection techniques

XSS, Cross-site cookie spoiling and AJAX-hacking

Web services frameworks

Web services footprinting, discovery and profiling

Web services attacks

Web application firewall - Build and Deploy

Web security controls and best practices

Secure coding and reverse engineering methods

Tools and Techniques

Hands-on challenges and labs

---

About the trainer
Shreeraj Shah

Shreeraj Shah, B.E., MSCS, MBA, is the founder of Net Square,a company that provides security consulting, training and development services to the world’s leading software vendors, financial and professional service providers. Prior to founding Net-Square, he has worked with Foundstone, Chase Manhattan Bank and IBM. He has performed several security consulting assignments in the area of penetration testing, code reviews, web application assessments and security architecture reviews.

He is also the author of Hacking Web Services (Thomson) and co-author of Web Hacking: Attacks and Defense (Addison-Wesley). In addition, he has published several advisories, tools, and whitepapers, and has presented at numerous conferences including RSA, AusCERT, InfosecWorld (Misti), HackInTheBox, Blackhat, OSCON, Bellua, Syscan, etc. His articles are regularly published on Securityfocus, InformIT, DevX, O’reilly, HNS. His work has been quoted on BBC, Dark Reading, Bank Technology as an expert. You can read his blog at http://shreeraj.blogspot.com/

---

Umesh Nagori

Umesh, currently, working as VP Business Development for the IT Security Practices at Net-Square. Umesh also provides information security consulting services and trainings to Net-Square clients, specializing in Web hacking and security. He brings more than 10 years of experience in the Information Technology. Right from the software development, he has played key roles in various other areas of Information Technologies like system administration and network management, system analysis, training, project management. He has over 6 years of experience with web application development, application and system security architecture, network architecture, security consulting, security training.

Prior to joining Net-Square, Umesh worked as Sr. System Analyst (IT Application) at Hughes Network Systems, USA (HNS). In his capacity as Sr. System Analyst, he played key role in overseeing the web development and the application security for the internet facing applications at HNS.

Prior to HNS, Umesh worked as Principal Consultant at iROMYX Inc. His experience at iROMYX provided him with numerous challenging projects at clients like Cisco, Motorola, NEC, Carlson, Sycamore, VIAG Interkom (Germany) and many others. Apart from web application development for public facing applications, he provided significant contribution to many clients in designing the security for their web applications.

Prior to his experience in USA, Umesh worked as Research Assistant at Indian Institute of Management, Ahmedabad (India) where he played a role as system & network Administrator for IIMA networks, web designer/developer for the IIMA Internet & Intranet applications and training instructor.

Umesh graduated from Gujarat University with a bachelor’s degree in Commerce. He has also successfully completed BS7799 Lead Auditor Course.