2024 ISACA North Texas Summer Seminar: Auditing Web Applications

Starts:  Aug 14, 2024 09:00 (CT)
Ends:  Aug 16, 2024 17:00 (CT)
Associated with  North Texas Chapter

***Last Day to Register: August 7th***

Sponsor: Baker Tilly (Frisco)
Dates: August 14, 2024 - August 16, 2024
Time: 9:00am to 5:00pm Central Time (1 Hour Break for Lunch)
Location: 17 Cowboys Way, Frisco, TX 75034 (First Floor Conference Room)
CPE: 21 (3 days)
Format: In Person
ISACA Non-Member Pricing: $800
ISACA Member Pricing: $750
Note: Registration includes breakfast, coffee, and lunch.

Fee Notes:

  • All non-members of ISACA must create a free account and log in during registration.
  • You can create an ISACA account here if you do not already have one.

 

Course Overview:
This 3-day course identifies the key issues that an auditor should look at in order to determine whether a web application has been properly secured. Each of the PCI secure coding requirements is covered, including the OWASP Top 10 and CWE/SANS Top 25 Most Dangerous Programming Errors. The tools and techniques for assessing and securing applications will be reviewed, including hands-on exercises that reinforce the concepts introduced in the class. Topics discussed include authentication, authorization, SQL injection, cross-site scripting, cross-site request forgery, HTTP response splitting, logging requirements, data storage requirements, phishing and redirection attacks, how to respond to incidents and more! Authentication solutions and mechanisms that will be investigated include basic authentication, digest authentication, forms-based authentication, multi-factor authentication, Windows integrated authentication, CAPTCHA and others.

Course Agenda:

I. Foundational Skills & Web Basics
II. Environment Identification & Application Exploration
III. Authentication Analysis
IV. Session Analysis
V. Authorization and Business Logic
VI. Element Manipulation Concepts
VII. Input Validation Verification
VIII. Phishing, anti-automation and anti-spam
IX. Cross Site Request Forgery



Laptop Required:

Students are required to have a laptop in order to complete the hands-on exercises. The laptop should meet the following specifications for the student to get the most from the exercises:
     • USB Port
     • 8 GB RAM or higher
     • 25 GB available hard drive space
     • Windows 7 Professional or later
     • Administrator privileges, including the capability to install and run tools, as well as disable anti-virus
     • VMware Player should be installed

Instructor:

Tanya Baccam, Consultant, Senior SANS Instructor, CISSP, CPA, CITP, CISA, CISM, GPPA, GCIH, OCP DBA
Tanya Baccam has extensive experience performing audits and assessments including application reviews, system audits, vulnerability and penetration tests, as well as providing training around application and software development risks. She is skilled in reviewing the security architecture for clients including assessing firewalls, applications, web sites, network infrastructure, operating systems, routers, and databases. She has conducted multiple network penetration engagements, vulnerability assessments and risk assessments using an arsenal of tools including commercially available and open-source tools. She has developed and reviewed policies and procedures, as well as developing and providing security awareness training. Tanya has been responsible for conducting, scheduling and managing numerous security assessment engagements. Additionally, she has provided advice and guidance to multiple companies on how to build successful auditing practices. During her career in Information Technology, Tanya has become an expert in network and application security services. She has functioned in management, training and consulting roles. She has vast experience including support of Novell, UNIX, Windows, and Oracle platforms. Tanya is a Senior Certified Instructor and courseware author for SANS (Sysadmin, Audit, Network, Security) where she has developed and delivered training in security auditing, incident handling, hacker exploits, database security and perimeter protection, as well as being an authorized grader for some of the GIAC certifications. She is also a member of ISACA (Information Systems Audit and Control Association).

Location

First Floor Conference Room
17 Cowboys Way
Frisco, TX 75034

Pricing Information

Registration Price
Member $750.00
Non-member $800.00

Contact

ISACA North Texas Education

education@isaca-northtexas.org