Training sessions present the most current methods for auditing and securing web applications. The course content follows a structure of tests, countermeasures, and coding practices that can be geared towards the needs of specific audiences such as application developers or security administrators. Real-life examples and in-depth coverage of the topic ensure that the information is relevant, detailed, and applicable to different web environments.
Courses are hands-on, and include real-world scenarios and targets to build exposure and understanding of these threats, far exceeding the typical academic instruction on security. Our instructors bring all necessary course materials and technical infrastructure to provide the most comprehensive, real-world training possible. Courses are designed so that, upon completion, students will understand:
Two-Day Course Content

Course content is derived from NTO's comprehensive audit methodology that has been developed by the co-author of Hacking Exposed: Web Applications and author of Hack Notes: Web Security. The instruction includes techniques that would be performed by anonymous, unauthenticated users through privilege escalation attacks from authenticated users. Other topics cover techniques that target vulnerabilities in the application's handling of data syntax, semantics, and logic. Syntax-based attacks include invalid input, buffer overflows, SQL injection, and cookie poisoning. The semantic and logical techniques focus on the misuse of URL parameters, insecure session ID generation, and lack of robust access controls. Each test technique is accompanied by countermeasures that can be applied via code, the web server, or network devices.



















