Difference between revisions of "Transparency"
dryxchikal (talk | contribs) m |
dryxchikal (talk | contribs) m |
||
| Line 1: | Line 1: | ||
| + | InfoSec Institute: Information Security Training | ||
| + | Application Security Training: Web Application Hacking | ||
| + | |||
| + | The latest frontier in information security is undoubtedly application security. The average sized organization has hundreds of in-house and externally developed applications. With business processes increasingly moving towards the web services and the software-as-a-service model catching on, many organizations today are exposing data and critical business services to untested or insecure applications. | ||
| + | |||
| + | These applications with inadequate or non-existent security are a veritable treasure trove for malicious hackers. Most hackers have realized that enterprise-class organizations have firewalls in place and have a working patching policy for externally available hosts. Increasingly, the first route in to a critical database containing customer information, credit card data, proprietary data or classified information is through a vulnerable application. | ||
| + | |||
| + | InfoSec Institute’s Application Security: Web Application Hacking will position you as an able and ready Application Security Professional. You will gain skills on how to assess applications from a hacker’s point of view, understand application security vulnerabilities and learn how to close these security holes so they are never exploited by a hacker. | ||
| + | |||
| + | Application Security: Web Application Hacking is a unique offering in the security industry. While some security courses may brush over application security, or cover the security of small-scale “demo” applications, InfoSec Institute concentrates on the latest application security attacks against modern, enterprise, applications. | ||
| + | |||
| + | This hands-on course teaches you: | ||
| + | |||
| + | * The fundamentals of modern Application Security on both .Net and Java platforms | ||
| + | * Application security threats and assessment/attack techniques | ||
| + | * The latest threats to Web Services and AJAX-enabled applications | ||
| + | |||
| + | InfoSec Institute has only the highest quality instructors, with deep background in Application Security. Our instructors are actively involved in the Application Security community. They have authored several books on the subject, spoken at various industry conferences, and are considered subject matter experts. | ||
| + | |||
| + | Application Security: Web Application Hacking is a totally hands on course. While a student in this class, you will be engaged in a thought-provoking lecture on the topic at hand, and then directly implement the relevant hands-on lab exercise in our Application Security Lab. Some of the lectures included in the course: | ||
| + | |||
| + | Some of the topics you will learn to master during the Application Security Training: | ||
| + | |||
| + | * Secure Programming Throughout the Application Development Lifecycle | ||
| + | * Confronting Flawed Input Data | ||
| + | * Implementation Best Practices | ||
| + | * Source code analysis scanning software | ||
| + | * Code Origin Access Control Methods | ||
| + | * Network Transmission Security with the JSSE API/SSL | ||
| + | * WS Security, XKMS, and WS-I Basic security profile | ||
| + | * SecureXML Libraries | ||
| + | * Privilege Escalation Opportunities | ||
| + | * Race Conditions | ||
| + | * Cross Site Scripting Injection | ||
| + | * .Net Secure Remoting | ||
| + | * Windows Forms Security | ||
| + | * SQL Server: Exploitation and Defense | ||
| + | |||
| + | |||
| + | |||
| + | * Fault Injection and Fuzzing | ||
| + | * Java security managers, policy files, and JAAS | ||
| + | * ASP.NET Security | ||
| + | * XOR, Base64 and Garbage Data Obfuscation | ||
| + | * Securely Maintaining Session State – Best Practices | ||
| + | * Session fixation | ||
| + | * Vulnerabilties in AJAX-enabled applications | ||
| + | * Advanced SQL Injection | ||
| + | * Oracle PL/SQL Injection | ||
| + | * .Net Security tokens, XML signature, XML canonicalization, and XML encryption | ||
| + | * .Net WS-Trust and WS-SecureConversation | ||
| + | * Error Control Verbosity Abuse | ||
| + | |||
| + | Need more detail? Check out the 5 Day Detailed Application Security Syllabus | ||
| + | |||
| + | How You Benefit: | ||
| + | |||
| + | * Gain the in-demand career skills of an Application Security Professional. Learn application security fundamentals, hands on application assessment techniques and methodologies used by the top application security professionals. | ||
| + | * In this application security training course, learn the how and when it is appropriate to use tools to automate vulnerability discovery and when manual investigation is required. | ||
| + | * Develop a custom process for code assessments across many languages and platforms. | ||
| + | More than interesting theories and lecture, get your hands dirty in our dedicated hacking lab in this network security training course. | ||
| + | |||
| + | What's Included: | ||
| + | |||
| + | * 5 Days of Application Security training from a senior instructor with real-world application assessment and remediation experience. | ||
| + | * Guaranteed small class size (less than 10-16 Students), you get an intimate learning setting not offered at any of our competitors. | ||
| + | * InfoSec's Custom Application Security Enterprise Suite, includes every program covered in the course for at home study. | ||
| + | * All meals, snacks and refreshments included. | ||
| + | * Certified Application Security Specialist (CASS) exam fees. | ||
| + | * Lecture, Lab Exercise and Text book | ||
| + | |||
| + | Required Prerequisites: | ||
| + | |||
| + | * Firm understanding of the Windows Operating System | ||
| + | * Programming skills in any standard language (Perl, C++/C#, Java, etc.) | ||
| + | * Exposure to web application development | ||
| + | * Desire to learn about application security and web application hacking! | ||
| + | * Ethical intentions | ||
| + | |||
| + | If you are unsure if you meet the required prerequisites, contact us for a quick skill check. | ||
| + | |||
| + | Current Course List: | ||
Revision as of 20:42, 16 November 2009
InfoSec Institute: Information Security Training
Application Security Training: Web Application Hacking
The latest frontier in information security is undoubtedly application security. The average sized organization has hundreds of in-house and externally developed applications. With business processes increasingly moving towards the web services and the software-as-a-service model catching on, many organizations today are exposing data and critical business services to untested or insecure applications.
These applications with inadequate or non-existent security are a veritable treasure trove for malicious hackers. Most hackers have realized that enterprise-class organizations have firewalls in place and have a working patching policy for externally available hosts. Increasingly, the first route in to a critical database containing customer information, credit card data, proprietary data or classified information is through a vulnerable application.
InfoSec Institute’s Application Security: Web Application Hacking will position you as an able and ready Application Security Professional. You will gain skills on how to assess applications from a hacker’s point of view, understand application security vulnerabilities and learn how to close these security holes so they are never exploited by a hacker.
Application Security: Web Application Hacking is a unique offering in the security industry. While some security courses may brush over application security, or cover the security of small-scale “demo” applications, InfoSec Institute concentrates on the latest application security attacks against modern, enterprise, applications.
This hands-on course teaches you:
* The fundamentals of modern Application Security on both .Net and Java platforms * Application security threats and assessment/attack techniques * The latest threats to Web Services and AJAX-enabled applications
InfoSec Institute has only the highest quality instructors, with deep background in Application Security. Our instructors are actively involved in the Application Security community. They have authored several books on the subject, spoken at various industry conferences, and are considered subject matter experts.
Application Security: Web Application Hacking is a totally hands on course. While a student in this class, you will be engaged in a thought-provoking lecture on the topic at hand, and then directly implement the relevant hands-on lab exercise in our Application Security Lab. Some of the lectures included in the course:
Some of the topics you will learn to master during the Application Security Training:
* Secure Programming Throughout the Application Development Lifecycle * Confronting Flawed Input Data * Implementation Best Practices * Source code analysis scanning software * Code Origin Access Control Methods * Network Transmission Security with the JSSE API/SSL * WS Security, XKMS, and WS-I Basic security profile * SecureXML Libraries * Privilege Escalation Opportunities * Race Conditions * Cross Site Scripting Injection * .Net Secure Remoting * Windows Forms Security * SQL Server: Exploitation and Defense
* Fault Injection and Fuzzing * Java security managers, policy files, and JAAS * ASP.NET Security * XOR, Base64 and Garbage Data Obfuscation * Securely Maintaining Session State – Best Practices * Session fixation * Vulnerabilties in AJAX-enabled applications * Advanced SQL Injection * Oracle PL/SQL Injection * .Net Security tokens, XML signature, XML canonicalization, and XML encryption * .Net WS-Trust and WS-SecureConversation * Error Control Verbosity Abuse
Need more detail? Check out the 5 Day Detailed Application Security Syllabus
How You Benefit:
* Gain the in-demand career skills of an Application Security Professional. Learn application security fundamentals, hands on application assessment techniques and methodologies used by the top application security professionals.
* In this application security training course, learn the how and when it is appropriate to use tools to automate vulnerability discovery and when manual investigation is required.
* Develop a custom process for code assessments across many languages and platforms.
More than interesting theories and lecture, get your hands dirty in our dedicated hacking lab in this network security training course.
What's Included:
* 5 Days of Application Security training from a senior instructor with real-world application assessment and remediation experience. * Guaranteed small class size (less than 10-16 Students), you get an intimate learning setting not offered at any of our competitors. * InfoSec's Custom Application Security Enterprise Suite, includes every program covered in the course for at home study. * All meals, snacks and refreshments included. * Certified Application Security Specialist (CASS) exam fees. * Lecture, Lab Exercise and Text book
Required Prerequisites:
* Firm understanding of the Windows Operating System * Programming skills in any standard language (Perl, C++/C#, Java, etc.) * Exposure to web application development * Desire to learn about application security and web application hacking! * Ethical intentions
If you are unsure if you meet the required prerequisites, contact us for a quick skill check.
Current Course List:
