Advanced Web Hacking and Defense

Overview:

This class focuses on giving you hands-on experience with real-world web attacks. You will learn the most common threats against web applications and up-to-date advanced web exploitation techniques. Throughout the training you will see how web application vulnerabilities are exploited and learn to conduct a web application risk assessment. This web application security training will help you master the key concepts of website security, the OWASP Top 10 web vulnerabilities, and beyond.

Duration: 4 days

Objectives:

- Enable you to understand and communicate the web application security risks associated with hacking and other exploits

- Discover real-world web application hacking techniques and countermeasures

- Sharpen your technical skills and learn to fix web application vulnerabilities

- Learn to perform a web application security risk assessment and evaluate web application security threats and possible exploits

- Enable you to design and develop a secure web application

- Enable you to tackle real-life scenarios and apply new skills on the job with ease

Intended Audience:

- Web application developers or architects

- Web security professionals

- Development managers

- Penetration testers

- Application security analysts

- Information security professionals and anyone responsible for web application security or data protection, or tasked with building secure web applications

Course outline:

1. Introduction to Application Security

  • Context for Web Application Security
  • Application Vulnerabilities Overview
  • Secure Application Design Principles
  • Web Application Components
  • Web Application Security
  • Identity and Access Management

2. HTTP Basics

  • Web Application Behavior
  • HTTP Headers
  • GET vs POST
  • HTTP GET Request
  • HTTP POST Request
  • HTTP PUT Request
  • HTTP PATCH Request
  • HTTP DELETE Request
  • Transporting Sensitive Data
  • HTTP Response Headers
  • HTTP Response Set-Cookie Header
  • HTTP Response Security Headers
  • Content Security Policy

3. Input Validation

  • Data Validation
  • Exact Match Validation
  • Known Good Validation
  • Regular Expression
  • Data Validation Techniques
  • Known Bad Validation
  • Bounds Checking
  • Native Validation Controls
  • Escaping vs. Rejecting
  • Input Based Attacks
  • Parameter Manipulation
  • Defenses against Parameter Manipulation

4. SQL and Other Injection

  • SQL Injection Attack Types
  • SQL Error Messages
  • Anatomy of SQL Injection Attack
  • String Building to Call Stored Procedures
  • Identifying SQL Injection Points
  • Advanced SQLi: Blind
  • Advanced SQLi: Timing Attacks
  • Defending Against SQL Injection
  • Parameterized Queries
  • Insecure Stored Procedure (MSSQL)
  • Stored Procedures and SQL Injection
  • Restricting Default Database Permissions
  • Database Principle of Least Privilege
  • File and OS Command Injection
  • Arbitrary File Upload
  • File Path Traversal Attacks
  • Object Lookup Maps and Access Control
  • Operating System Interaction
  • Command Injection
  • Defenses against OS Interaction Attacks
  • PHP Command and Code Injection
  • LDAP Injection
  • Defenses against LDAP Injection

5. Authentication and Session Management

  • Entity authentication
  • Authentication Session
  • Session Identifiers
  • Credential Security
  • Login and Session Security
  • Cookie Options and Security
  • Logout/Session Defense
  • Basic Password Defenses
  • Password Storage Crypto Defense
  • Leverage an adaptive KDF
  • Leverage Keyed Protection Solution
  • Forgot Password Secure Design
  • Federated Identity and SAML
  • Multi Factor Authentication
  • Basic MFA Considerations
  • Authentication Control Flow Flaws
  • Session Management Code Review
  • Session Management Solution
  • ASVS 2 Authentication Requirements
  • ASVS 2 Session Management Requirements

6. Web Application Access Control Design

  • Principle of Least Privilege (POLP)
  • Access Control / Authorization
  • Role Based Access Control
  • Attacks on Access Control
  • Access Control Anti-Patterns
  • Access Control Best Practices
  • SQL Integrated Access Control
  • Authorization Models
  • Data Contextual Access Control
  • Apache Shiro
  • Role Based Access Control Enforcement Points
  • Permission Based Access Control Enforcement Points
  • Basic Data Contextual Access Control Schema
  • ASVS 2 Access Control Requirements

7. Content Spoofing and HTML Hacking

  • Content Spoofing
  • Image Tag Injection
  • Form rerouting
  • <base> jumping
  • Element Override
  • Hanging <textarea>

8. Basic XSS Defense

  • XSS (Cross-site Scripting)
  • XSS Attack Payload Types
  • XSS Variants
  • Reflected XSS
  • Persistent/Stored XSS
  • DOM-Based XSS (Client-side XSS)
  • Danger: XSS Weak Defense Used
  • XSS Defense: The Solution
  • HTML Entity Encoding
  • Best Practice: Validate and Encode
  • XSS Defense by Data Type and Context
  • OWASP Java Encoder Project
  • Microsoft Encoder and AntiXSS Library
  • XSS in HTML Body
  • XSS in HTML Attributes
  • HTML Attribute Context
  • Handling Untrusted URLs
  • Validating Untrusted URLs
  • XSS in JavaScript Context
  • XSS in the Style Tag
  • XSS Defense for CSS Context
  • Dangerous Contexts

9. Advanced XSS Defense

  • HTML Sanitization and XSS
  • OWASP HTML Sanitizer Project
  • HTML Sanitizers by Language
  • DOM Based XSS Defense
  • Dangerous JavaScript Sinks
  • Dangerous jQuery!
  • jQuery APIs and XSS
  • Client Side Context Sensitive Output Escaping
  • jQuery Encoding with jqencoder
  • OWASP JSON Sanitizer Project
  • Server Side JSON Sanitization
  • Sandboxing
  • X-Xss-Protection
  • Content Security Policy

10. Content Security Policy (CSP)

  • CSP Features
  • Steps for success
  • Make a plan
  • Apply CSP client-side
  • How to apply CSP
  • Reporting
  • Checklist
  • Open issues

11. Clickjacking

  • X-Frame-Options HTTP Response Headers
  • X-Frame-Options Browser Support
  • Clickjacking Defense ASP.NET
  • Legacy Browser Clickjacking Defense

12. Cross Site Request Forgery (CSRF)

  • CSRF Defenses and Their Side Effects
  • Anatomy of an Attack
  • Attacking Sensitive Transactions
  • Anatomy of a CSRF Attack
  • Systems Reported with CSRF Vulnerabilities
  • CSRF within the Internal Network
  • CSRF Defense Strategies
  • Synchronizer Token Pattern
  • Double Submit Cookies
  • Challenge Response
  • Check Referrer Header
  • Cookie Forcing

13. Introduction to Cryptography

  • Common Uses of Cryptography
  • Confidentiality and Integrity
  • Cryptographic Mechanisms
  • Cryptographic Hash Functions
  • Defenses: Salting Hashes
  • Offline Hash Attacks
  • Keyed vs Unkeyed Hashing
  • Message Integrity Codes (MICs)
  • Message Authentication Codes (MACs)
  • Keyed-Hash Message Authentication Codes (HMACs)
  • Ciphers
  • Encryption / Decryption: Threat Sources
  • Basic Steps for Encryption
  • Recommended Cipher Algorithms
  • Recommendations for Cipher Key Size
  • Symmetric Encryption
  • Cryptographic Algorithms
  • Symmetric Block Ciphers: Cipher Modes
  • Electronic Codebook
  • Block Cipher Padding
  • Encryption using .NET
  • Encryption using Java Cryptography Extension
  • Java Cipher Objects
  • Asymmetric Encryption
  • Digital Envelopes
  • Asymmetric Ciphers: Key Generation
  • Asymmetric Ciphers: Signing
  • Digital Signatures
  • Digital Certificates
  • Cryptographic Modes
  • Stream Ciphers
  • Asymmetric Ciphers
  • Cryptographic Random Number Generator (CRNG)
  • Randomness
  • Dual_EC_DRBG
  • Google KeyCzar
  • Home Grown Encryption

14. HTTPS Best Practices

  • Secure Sockets Layer (SSL)
  • SSL Workflow
  • SSL Certificates
  • SSL Protocols
  • Fixing HTTPS and the CA System
  • HTTP Strict Transport Security (HSTS)
  • Certificate Pinning
  • Browser-Based TOFU Pinning
  • Perfect Forward Secrecy

15. HTML 5 and CORS Security Considerations

  • Cross Domain Messaging
  • CORS (Cross Origin Resource Sharing)
  • Same-Origin Policy (SOP)
  • GET
  • PUT/DELETE
  • CORS – Preflight
  • Preflight Request
  • HTML Imports
  • WebSockets
  • AngularJS Pitfalls
  • HTML5 Sinks
  • Local Storage
  • iFrame Sandboxing

16. Form Processing and Workflows

  • <form>
  • Form Processing Types
  • Form Processing Basic Client Side Controls
  • HTTP Request: GET vs POST
  • <base> jumping
  • Form Processing
  • Basic Authentication and Session Management
  • Input Based Attacks
  • Escaping vs. Rejecting
  • Data Validation and Error Processing
  • App Layer Intrusion Detection
  • Data Contextual Access Control
  • Parameterized Queries
  • Java Prepared Statement
  • .NET Parameterized Query
  • HQL Injection Protection
  • SQL Injection Protection for ASP.NET and Ruby
  • Cold Fusion and Perl Parameterized Queries
  • Transaction Token Verification
  • CSRF within the Internal Network
  • Synchronizer Token Pattern
  • X-Frame-Options HTTP Response Headers
  • Google KeyCzar
  • Basic eCommerce

17. Application Layer Intrusion Detection

  • OWASP AppSensor (Java)

18. Secure Software Development Lifecycle

  • Security in the SDLC
  • SDLC building blocks
  • Security requirements
  • OWASP Application Security Verification Standard (ASVS)
  • ASVS 2 Authentication Requirements
  • Agile Principles
  • Agile Workflow
  • Agile Security
  • Non-Functional Requirements
  • Secure Coding Guidelines
  • Secure Coding Checklist
  • Static Code Analysis (SCA)
  • Dynamic Code Analysis
  • Risk Tracking
  • ThreadFix
  • SimpleRisk