Hands-on Application Security is a fully guided, practical course about how web applications are attacked in the real world and what you can do to mitigate every attack. We illustrate exactly how each attack works, what its impact is, how to fix it, and how the exploit no longer works after the fix. We also give you in-depth, practical advice about how to simplify your defense and how to implement attack mitigations that work.
Course Objectives
· The participant will understand the process of identifying security issues,
· The participant will understand how security vulnerabilities in an application could be exploited,
· The participant will be able to demonstrate proof-of-concept exploits,
· The participant will know how to implement fixes for these security issues, and
· The participant will be able to verify that the fixes work by running the proof-of-concept exploits again.
Lessons are highly practical and provide the knowledge and hands-on experience necessary to identify, attack, fix and verify security issues in web applications.
Course Contents
Exercise 1 – SQL Injection
Lab - Login without credentials
Exercise 2 – Broken Authentication
Lab 2 - Brute Force A Target Application
Exercise 3 – Cross-Site Scripting (XSS)
Lab 3 - Steal the User Cookie
Exercise 4 – Insecure Direct Object Reference
Exercise 5 – Security Misconfiguration
Lab 4 - Application Errors to assist SQL Injection
Lab 5 - Directory Browsing Exploit
Lab 6 - Locate sensitive information
Exercise 6 – Sensitive Data Exposure
Lab 7 - HTML Comments Sensitive Information Disclosure
Exercise 7 – Missing Function Level Access Control
Lab 8 - Vertical Privilege Escalation
Lab 9 - Horizontal Privilege Escalation
Exercise 8 – Cross-site Request Forgery (CSRF)
Lab 10 - Run A Cross-Site Request Forgery Attack against a target Web Application
WHO SHOULD ATTEND?
CISOs, CCOs, CIOs, CROs, Heads of Audit, Chief Inspectors, IT professionals, IS Auditors, Risk professionals, Heads of Strategy/Business Transformation, Audit professionals, Information Security Professionals, Financial, Business Process and Compliance auditors.
TIME
9:00am - 5:00pm / Sat 2nd March 2019
12noon - 5:00pm / Sun 3rd March 2019
13 CPE Hours
REGISTRATION
· Registration fee is N25,000
· Registration is limited to the first 120 registrants.
· Bulk Registration: For every 5 participants from your organization, you earn a free slot.
Registration fee includes refreshments. Registrants should bring their own laptop and Internet access.
PAYMENT DETAILS
ACCOUNT NAME – ISACA LAGOS CHAPTER
ACCOUNT NUMBER – 0669321015
BANK – FIRST CITY MONUMENT BANK (FCMB)
VENUE
ISACA Lagos Chapter Secretariat, GTI HOUSE, 127 Awolowo Way (by Allen Roundabout), Ikeja, Lagos, Nigeria