- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
select a course
Memphis , TN - October 20 - 23, 2008
- Event Location & Info
- General Info
- Faculty
- Vendor Expo
- Vendor Events
- Special Events
- Community SANS
- Brochure (PDF)
Intense training! An excellent combination of technical and theory instruction.
-Richard Brull
Security 542
4 Day Course
(SelfStudy Available)
Web App Penetration Testing and Ethical Hacking
Monday, October 20, 2008 - Thursday, October 23, 2008Seth Misenar, Blue Cross Blue Shield of MS
6 CPE Credits Per Day
Assess Your Web Apps in Depth
Web applications are a major point of vulnerability in organizations today. Web app holes have resulted in the theft of millions of credit cards, major financial and reputational damage for hundreds of enterprises, and even the compromise of thousands of browsing machines that visited web sites altered by attackers. In this class, you'll learn the art of exploiting web applications so you can find flaws in your enterprise's web apps before the bad guys do. Through detailed, hands-on exercises and training from a seasoned professional, you will be taught the four-step process for web application penetration testing. You will inject SQL into back-end databases, learning how attackers exfiltrate sensitive data. You will utilize Cross Site Scripting attacks to dominate a target infrastructure in our unique hands-on laboratory environment. And, you will explore various other web app vulnerabilities in-depth, with tried-and-true techniques for finding them using a structured testing regimen. You will learn the tools and methods of the attacker, so that you can be a powerful defender.
On Day 1, we will study the attacker's view of the web. On Day 2, we will analyze the art of reconnaissance, specifically targeted to web applications. We will also examine the mapping phase, when we interact with a real application to determine its internal structure. We will also start the discovery step. During Day 3, we will continue our in-depth discovery using the information we gathered on Day 2. On Day 4 we will continue discovery, focusing on client side portions of the application such as Flash objects and Java applets.
Throughout the class, you will learn the context behind the attacks, so that you intuitively understand the real-life applications of exploitation. In the end, you will be able to assess your own organization's web applications to find some of the most common and damaging web application vulnerabilities today.
By knowing your enemy, you can defeat your enemy. General security practitioners, as well as web site designers, architects, and developers, will benefit from learning the practical art of web application penetration testing in this class.