Cyber-Security Practical Workshop – Hands on Application Security Assessment

Starts: Mar 2, 2019 09:00 (WAT)
Ends: Mar 3, 2019 17:00 (WAT)
Associated with Lagos Chapter

Hands on Application Security is a fully guided, practical course on how web applications are attacked in the real world and what you can do to mitigate every attack. We illustrate exactly how each attack works, what its impact is, how to fix it, and how the exploit no longer works after the fix. We also give you in-depth, practical advice on how to simplify your defense and how to implement attack mitigations that work.

Course Objectives

· The participant will understand the process of identifying security issues,

· The participant will understand how security vulnerabilities in an application could be exploited,

· The participant will be able to demonstrate proof-of-concept exploits,

· The participant will know how to implement fixes for these security issues, and

· The participant will be able to verify that the fixes work by running the proof-of-concept exploits again.

 

Lessons are highly practical and provide the knowledge and hands-on experience necessary to identify, attack, fix and verify security issues in web applications.

Course Contents

Exercise 1 – SQL Injection

Lab - Login without credentials

Exercise 2 – Broken Authentication

Lab 2 - Brute Force A Target Application

Exercise 3 – Cross-Site Scripting (XSS)

Lab 3 - Steal the User Cookie

Exercise 4 – Insecure Direct Object Reference

Exercise 5 – Security Misconfiguration

Lab 4 - Application Errors to assist SQL Injection

Lab 5 - Directory Browsing Exploit

Lab 6 - Locate sensitive information

Exercise 6 – Sensitive Data Exposure

Lab 7 - HTML Comments Sensitive Information Disclosure

Exercise 7 – Missing Function Level Access Control

Lab 8 - Vertical Privilege Escalation

Lab 9 - Horizontal Privilege Escalation

Exercise 8 – Cross-site Request Forgery (CSRF)

Lab 10 - Run A Cross-Site Request Forgery Attack against a target Web Application

WHO SHOULD ATTEND?

CISOs, CCOs, CIOs, CROs, Heads of Audit, Chief Inspectors, IT professionals, IS Auditors, Risk professionals, Heads of Strategy/Business Transformation, Audit professionals, Information Security professionals, and Financial, Business Process and Compliance auditors.

TIME

9:00am - 5:00pm/Sat 2nd March 2019
12noon - 5:00pm/Sun 3rd March 2019

13 CPE Hours

REGISTRATION

· Registration fee is N25,000

· Registration is limited to the first 120 registrants.

· Bulk Registration: For every 5 participants from your organization, you earn a free slot.

The registration fee includes refreshments. Registrants should bring their own laptop and Internet access.

 

PAYMENT DETAILS

ACCOUNT NAME – ISACA LAGOS CHAPTER

ACCOUNT NUMBER – 0669321015

BANK – FIRST CITY MONUMENT BANK (FCMB)

 

VENUE

ISACA Lagos Chapter Secretariat,
GTI House,
127 Awolowo Way (by Allen Roundabout),
Ikeja,
Lagos, Nigeria

Contact

Olayinka Mordi
+2347063500750
info@isacalagos.org