Security4all (talk | contribs) |
Security4all (talk | contribs) |
||
Line 1: | Line 1: | ||
There will be trainings in the days prior to BruCON , by internationally renowned trainers and at good prices. | There will be trainings in the days prior to BruCON , by internationally renowned trainers and at good prices. | ||
− | + | ==Registration details== | |
− | |||
===Crash course in Penetration Testing=== | ===Crash course in Penetration Testing=== | ||
− | |||
− | |||
− | |||
− | + | ====Instructors==== | |
− | |||
Joe McCray, and Chris Gates | Joe McCray, and Chris Gates | ||
− | + | ====Description==== | |
− | |||
This course will cover some of the newer aspects of penetration testing | This course will cover some of the newer aspects of penetration testing | ||
such as Open Source Intelligence Gathering with Maltego and other Open | such as Open Source Intelligence Gathering with Maltego and other Open | ||
Line 40: | Line 34: | ||
For more details see [[Training 1| Details on Crash Course in Penetration Testing]] | For more details see [[Training 1| Details on Crash Course in Penetration Testing]] | ||
+ | ==== Pricing==== | ||
+ | |||
+ | |||
+ | ===Web 2.0 Hacking – Attacks and Defense === | ||
+ | ====Instructor==== | ||
+ | Shreeraj Shah | ||
+ | ====Description==== | ||
+ | Introduction and adaptation of new technologies like Ajax, Rich Internet Applications and Web Services has changed the dimension of Application Hacking. We are witnessing new ways of hacking web based applications and it needs better understanding of technologies to secure applications. The only constant in this space is change. In this dynamically changing scenario in the era of Web 2.0 it is important to understand new threats that emerge in order to build constructive strategies to protect corporate application assets. Application layers are evolving and lot of client side attack vectors are on the rise like Ajax based XSS, CSRF, Widget injections, RSS exploits, Mashup manipulations and client side logic exploitations. At the same time various new attack vectors are evolving around SOA by attacking SOAP, XML-RPC and REST. It is time to understand these advanced attack vectors and defense strategies. | ||
+ | |||
+ | The course is designed by the author of "Web Hacking: Attacks and Defense", “Hacking Web Services” and “Web 2.0 Security – Defending Ajax, RIA and SOA” bringing his experience in application security and research as part of curriculum to address new challenges. Application Hacking 2.0 is hands-on class. The class features real life cases, hands one exercises, new scanning tools and defense mechanisms. Participants would be methodically exposed to various different attack vectors and exploits. In the class instructor will explain new tools like wsScanner, scanweb2.0, AppMap, AppCodeScan etc. for better pen-testing and application audits. | ||
− | + | For more details see [[Training 2| Web 2.0 Hacking – Attacks and Defense]] | |
+ | |||
+ | ==== Pricing==== | ||
===Social engineering === | ===Social engineering === | ||
+ | |||
+ | ====Instructors==== | ||
+ | ====Description==== | ||
+ | ==== Pricing==== |
Revision as of 21:55, 24 May 2009
There will be trainings in the days prior to BruCON , by internationally renowned trainers and at good prices.
Contents
Registration details
Crash course in Penetration Testing
Instructors
Joe McCray, and Chris Gates
Description
This course will cover some of the newer aspects of penetration testing such as Open Source Intelligence Gathering with Maltego and other Open Source tools.
Advanced Scanning, Enumeration, Exploitation (remote and client-side), and Post-Exploitation relying heavily on the features included in the Metasploit Framework will also be covered.
Emphasis throughout the entire workshop will be placed on being as stealthy as possible, and dealing with popular defensive technologies such as:
- Network Intrusion Detection/Prevention Systems - Host-Based Intrusion Detection/Prevention Systems - Web Application Firewalls - Anti-Virus - Content-Filtering Proxies
Web Application penetration testing will be covered as well with focus on practical exploitation of cross-site scripting (XSS), cross-site request forgery (CSRF), local/remote file includes, and SQL Injection.
For more details see Details on Crash Course in Penetration Testing
Pricing
Web 2.0 Hacking – Attacks and Defense
Instructor
Shreeraj Shah
Description
Introduction and adaptation of new technologies like Ajax, Rich Internet Applications and Web Services has changed the dimension of Application Hacking. We are witnessing new ways of hacking web based applications and it needs better understanding of technologies to secure applications. The only constant in this space is change. In this dynamically changing scenario in the era of Web 2.0 it is important to understand new threats that emerge in order to build constructive strategies to protect corporate application assets. Application layers are evolving and lot of client side attack vectors are on the rise like Ajax based XSS, CSRF, Widget injections, RSS exploits, Mashup manipulations and client side logic exploitations. At the same time various new attack vectors are evolving around SOA by attacking SOAP, XML-RPC and REST. It is time to understand these advanced attack vectors and defense strategies.
The course is designed by the author of "Web Hacking: Attacks and Defense", “Hacking Web Services” and “Web 2.0 Security – Defending Ajax, RIA and SOA” bringing his experience in application security and research as part of curriculum to address new challenges. Application Hacking 2.0 is hands-on class. The class features real life cases, hands one exercises, new scanning tools and defense mechanisms. Participants would be methodically exposed to various different attack vectors and exploits. In the class instructor will explain new tools like wsScanner, scanweb2.0, AppMap, AppCodeScan etc. for better pen-testing and application audits.
For more details see Web 2.0 Hacking – Attacks and Defense