Certified Secure Web Application Engineer

Key Data
Certified Secure Web Application Engineer Course Description

Course Name: Certified Secure Web Application Engineer

Duration: 4 days

Language: English

Format:
• Instructor-led classroom
• Live Virtual Training

Prerequisites:
• Experience in at least 2 modules of the outline is beneficial but not required

Student Materials:
• Student Workbook
• Student CD
• Key Security Concepts & Definitions Book
• Quick Tips section, Summary section
• Questions and answers for each module


Attend live classes from anywhere in the world!

• Live presentations with powerful functionality that deliver easy viewing of slides and other documents, shared Internet access, a virtual whiteboard, and a media center, all through an easy-to-use toolbar.
• Application, file, and desktop sharing let you view live demonstrations.
• A dedicated, high-spec remote PC per student with full access, as if you were sitting in front of the PC in the classroom.
• The instructor views each student's session while you perform your hands-on labs and can access your remote system to demonstrate and assist, so you can sit back and absorb the classroom-style mentoring you expect.
• Public and private text chat allows for increased interactivity between students and the instructor.

Graduates of the mile2 Certified Secure Web Application Engineer training obtain real-world security knowledge that enables them to recognize vulnerabilities, exploit system weaknesses and help safeguard against threats.

Course Overview:
Web applications are increasingly sophisticated and, as such, are critical to almost all major online businesses. As more applications are web-enabled, the number of web application security issues will increase, and traditional local system vulnerabilities, such as directory traversals, overflows and race conditions, are opened up to new vectors of attack.


The responsibility for the security of sensitive systems will rest increasingly with the web developer rather than the vendor or system administrator. As with most security issues involving client/server communications, web application vulnerabilities generally stem from improper handling of client requests and/or a lack of input validation on the part of the developer.


The mile2 Certified Secure Web Application Engineer training teaches students to detect security issues in web applications and to identify vulnerabilities and risks.

Objective Of Labs:
This is an intensive hands-on class: you will spend 60% of class time performing labs that focus both on the OWASP model and on the technical details of PCI compliance with respect to secure coding.




Certified Secure Web Application Engineer Module Topics:

Module 0: Web Application Intro
Module 1: Software Security Explained
Module 2: Risk Management
Module 3: Secure Architecture Design
Module 4: OWASP Top 10
Module 5: Threat Modeling
Module 6: Software Security Vulnerabilities
Module 7: Other Vulnerabilities
Module 8: Overview of Secure Coding
Module 9: Secure Coding Principles
Module 10: Secure Software Development Lifecycle
Module 11: PCI Data Security Standard
Module 12: Web 2.0
Module 13: Other Key Items
Module 14: Selling Security to Management
Module 15: Web Application Penetration Testing


DETAILED MODULE DESCRIPTION

Day 1: CSWAE Overview

Module 1: Software Security Explained
Overview
What is Software Security?
Security Terms
Attack Vectors
Threats
Why Change?
Consumer Expectations
Business Responsibility
Consumer Expectations
Business Responsibility
Response?
Why Care About Security?
What is Software Security?
Software Security Methodology
Software Security
Why is Software Security so Tough?
The Rise of Insecure Software
Connectivity
Extensibility
Complexity
So what is the problem?
Challenges With Security
What can we do about it?
Layered Defense
Secure Coding Fundamentals
Software Security Methodology
Process Overview
What We Can Do About It?
Roles and Responsibilities
Developer’s Role

Module 2: Risk Management

Overview
Risk Management
Why ERM Is Important
Important Terms
The Importance of Risk Management
NIST
When Should it Start
Risk Management in the SDLC
Requirements Phase Tasks
Design Phase Tasks
Implementation Phase Tasks
Integrate / Release Phase Tasks
Risk Management Process
Know The Business
Identify Risks
Identify Assets and Value
Risk Analysis
Identify Threats and Risks
Determine Impacts
Impact vs. Cost to Mitigate
Classify Risks
Develop Mitigation Plan
Implement
Validating Fixes
Reporting Your Findings
Keys for Success
www.somap.org
Review

Module 3: Secure Architecture Design
Overview
Secure Architecture Design
Architecture and Design
Enterprise Security Architecture
Enterprise Architecture
Security Architecture – Multi-layer
SAL – Focus on Standardization
Design for Security
Architectural Design
Protection
What to Consider During Design
Design Guidelines
Design It Secure
The Economics of Software
Forces In Software
Design Considerations
Secure Product Development Timeline
Secure By Design
Design Considerations
The SD3 Framework
Understanding the Environment
Use of Encryption
Security in Layers
Buy vs. Build
Secure your data
Filters
Things to Remember
Review

Day 2: The Threat Environment

Module 4: Recent Attacks and the OWASP Top 10
OWASP Guides
Common Vulnerabilities
Cross Site Scripting
XSS Example
Cross Site Scripting
Cross Site Scripting Attacks
XSS Example
Cross Site Request Forgery
Link Injection to Facilitate Cross Site Request Forgery
Injection Flaws
SQL Injection and Injection Flaws
Bobby Tables
SQL Injection Example in .NET
E-Commerce Web Site
E-Commerce Login
Demonstration
SQL Injection
SQL Injection Buggy Code
SQL Injection Countermeasures
Command Injection
SQL Injection
Why SQL “Injection”?
Blind SQL injection
SQL Connection Properties
SQL Injection: Enumeration
SQL Extended Stored Procedures
Shutting Down SQL Server
Business Impacts of SQL Injection
Finding and Fixing SQL Injection
Unvalidated Input
Unvalidated Input Illustrated
Business Impacts of Unvalidated Input
Finding and Fixing Unvalidated Input
Common Vulnerabilities
Buffer Overflow
Buffer Overflow Illustrated
Business Impacts of Buffer Overflows
Finding and Fixing Buffer Overflows
Improper Error Handling
Improper Error Handling Illustrated
Business Impacts of Improper Error Handling
Finding and Fixing Improper Error Handling
Session Hijacking
Session Management
Common Vulnerabilities
Session Hijacking
Broken Access Control
Broken Account and Session Management
Broken Authentication and Session Mgmt
Broken Authentication Illustrated
Business Impacts of Broken Authentication
Finding and Fixing Broken Authentication
Broken Access Control
Broken Access Control Illustrated
Where Does Access Control Typically Occur?
Business Impacts of Broken Access Control
Finding and Fixing Broken Access Control
Insecure Storage
Insecure Storage Illustrated
Business Impacts of Insecure Storage
Finding and Fixing Insecure Storage
Application Denial of Service
Application DOS Illustrated
Business Impacts of Application DOS
Finding and Fixing Application DOS
Insecure Configuration Management
Insecure Configuration Illustrated
Business Impacts of Insecure Configuration
Finding and Fixing Insecure Configuration
Attacks
Man-in-the Middle
Attacks
Information Integrity
Insufficient Anti-Automation
XML Poisoning
Malicious Code Execution
Malicious Code Execution Example
RSS Atom Injection
WSDL Scanning and Enumeration
Client side validation in AJAX routines
Web Service Routing Issues
Parameter Manipulation With SOAP
XPATH Injection SOAP message
RIA Client Binary Manipulation
Information Leakage
Web 2.0 Information Leakage
Application Denial of Service
Application Denial of Service Remediation
Application Level DOS
Real-World Test
Hacktics Results
Directory Traversal
Directory Listing
Insecure Software is Everywhere
Security Focus
SecurityFocus (Demo)
ISS (Demo)
Review

Module 5: Threat Modeling
Overview
Threat Modeling Overview
The Process
Identify Security Objectives
Application Review
Application Diagram
Application Decomposition
Identify Threats
Threat Modeling
Harmonized Threat and Risk Assessment Methodology
Framework for the Harmonized TRA Methodology
Example: Threat Graph
Example: Threat Tree
Threat Methodologies (STRIDE)
Spoofing Identity
Tampering With Data
Repudiation
Information Disclosure
Denial of Service
Elevation of Privilege
Rank the Threats (DREAD)
How to Respond to Threats
Mitigating Threats
Review

Module 6: Software Security Vulnerabilities
Introduction
Application Test Script Detected
Cacheable SSL page
Cacheable SSL Page Remediation
Database Error Pattern Found
Database Error Message Found
Direct Access to Administration Pages
E-mail Address Pattern Found
HTML Comments Contain Sensitive Information
Internal IP Address Disclosure
Missing Secure Attribute in Encrypted Sessions
Possible Server Path Disclosure
Query Parameter found in SSL Request
Query Parameter Found in SSL Request
Unencrypted Login Request
Cross Site Scripting
XSS Example
Phishing
Phishing Web 2.0 Example
Injection Flaws
Cross Site Scripting
Cross Site Scripting Attacks
XSS Example
SQL Injection and Injection Flaws
Bobby Tables
SQL Injection Example in .NET
E-Commerce Web Site
E-Commerce Login
SQL Injection
Demonstration
SQL Injection Buggy Code
SQL Injection Countermeasures
Cross Site Request Forgery
Web-Based Email
Cross Site Request Forgery
Directory Traversal

Module 7: Other Vulnerabilities
Introduction
HTTP Response Splitting
Application Input Restrictions Bypass
Hidden Directory Detected
Microsoft ASP Debugging Enabled
Sensitive Files Found
Unencrypted View
Where to Learn More
Phishing
Phishing Web 2.0 Example
Sensitive Data Leakage [CWE-0]
Information Leakage
Web 2.0 Information Leakage
Information Integrity
Insufficient Anti-Automation
XML Poisoning
Malicious Code Execution
RSS Atom Injection
WSDL Scanning and Enumeration
Client side validation in AJAX routines
Web Service Routing Issues
Parameter Manipulation with SOAP
XPATH Injection SOAP message
RIA Client Binary Manipulation
Two Types of Vulnerabilities
Activity Monitoring and Data Retrieval
Unauthorized Dialing, SMS, and Payments
Unauthorized Network Connectivity (exfiltration or command & control)
UI impersonation
System Modification (rootkit, APN, proxy config)
Logic or Time Bomb [CWE-]
Hardcoded Password/Keys [CWE-]
Summary

Day 3: Secure Coding Principles & Practices

Module 8: Overview of Secure Coding Principles
The Principles of Secure Development
Principle #1 – Input Validation
Possible Places to do Validation
Principle #3 – Improper Error Handling
Principle #4 – Authentication and Authorization
Principle #5 – Session Hijacking
Principle #6 – Secure Communications

Module 9: Detailed Examination of Secure Coding Principles
Overview
Data Validation
Defending the Attack
Error and Exception Handling
Logging and Auditing
Authentication
Web Authentication Methods
Basic and Digest Authentication
Form Based Authentication
Certificate Based Authentication
Strong Authentication
Authorization
Review

Module 10: Secure Software Development Lifecycle
Overview
Secure SDLC Overview
S-SDLC Overview
A Secure Process
Manager’s Point of View
Developer’s Point of View
Phases of The Development Lifecycle
Project Initiation/Concept
Requirements Gathering
Integration Through Risk Management
Principles
Process
Risk Assessment
Testing Methodologies
Integrating Testing in the Dev Lifecycle
Architecture and Design
Implementing Defense In-depth
Traceability Matrix
Things to Consider
Development
Testing
Unit Test
Testing
Implementation and Deployment
Maintenance
Review

Module 11: PCI Data Security Standard
Payment Card Industry
PCI DSS Overview
PCI Overview
PCI-Requirement 6
Requirement 6.1
Requirement 6.2
Requirement 6.3
Requirement 6.4
Requirement 6.5
Requirement 6.6
Discussion
Summary
Security Audit Procedures
Compensating Controls
Summary

Module 12: Security Web 2.0
Introduction
What is Web 2.0 and who uses it?
Classic Web Vs Ajax
Synchronous vs. Asynchronous
WEB 2.0 Target Application Layout
Web 2.0 Security Vulnerabilities
Web 2.0 Usability
Web 2.0 and No SSL
Web 2.0 and Remember Me
Web 2.0 and Social Engineering
Overpowered APIs and Duplicated Code
Outsourcing
Web 2.0 and Cutting Edge Technology
Web 2.0 and Trust
Web 2.0 Security Vulnerabilities
Systems Susceptible to Attacks
Insufficient Authentication Controls

Module 13: Other Key Items
Overview
Other items - Integrated Systems
ISO 21827
Organizational Standard Processes
The CMMI Approach
International Standards--SSE-CMM
Integrated Systems
What is DMZ?
Classic Security Model
DNS
Middleware Defined
Integrated Systems Fundamental Requirements
What to Require
How do you select the correct security product?
The Software Market
The Market is Changing!
The Future

Module 14: Selling Security to Management
Security is Challenging
Software Security is A Different World
Root Causes of Application Insecurity
Targeting the Root Causes
What to Recommend
Key Enhancements
Advanced Enhancements
Application Security
Capacity Scorecard
Compliance & Security
Integrated Requirements
Recommended Training
Review

Day 4: Web Application Penetration Testing

Module 15: Web Application Penetration Testing
Overview
Secure Code Review
Web Application Penetration Testing Overview
Quick Poll
Benefits of a Penetration Test
Article and Example of WAPT
Current Problems in WAPT
Learning Attack Methods
Developer’s Point of View
Progression of The Professional Hacker
What Information is gathered by the Hacker?
Methods of Obtaining Information
Physical Access
Social Access
Social Engineering Techniques
Digital Access
Passive vs. Active Reconnaissance
Footprinting Defined
Footprinting Tool: KartOO Website
Footprinting tools
Google and Query Operators
Instructor Demonstration
SPUD: Google API Utility Tool
Instructor Demonstration
Online Social Websites
Identity Theft and MySpace
Instant Messengers and Chats
Blogs, Forums & Newsgroups
Internet Archive:
The WayBack Machine
Domain Name Registration
WHOIS
WHOIS Output
Instructor Demonstration
DNS Databases
Using Nslookup
Dig for Unix / Linux
People Search Engines
Client Email Reputation
Web Server Info Tool: Netcraft
Countermeasure: Domainsbyproxy.com
Footprinting Countermeasures
Introduction to Port Scanning
Popular Port Scanning Tools
Port Scan Tips
Most Popular: BackTrack
Expected Results
Method: Ping
Stealth Online Ping
NMAP: Preferred Scanning Tool
Which Services use Which Ports?
OS Fingerprinting
Countermeasures: Scanning
Enumeration Overview
Web Server Banners
Practice: Banner Grabbing with Telnet
SuperScan 4 Tool: Banner Grabbing
Sc
SMTP Server Banner
DNS Enumeration
Web Application Penetration Methodologies
HTTrack Tool: Copying the website offline
Httprint Tool: Web Server Software ID
Instructor Demonstration
The Anatomy of a Web Application Attack
The Anatomy of a Web Application Attack
Web Attack Techniques
Cracking Techniques
Password Guessing
Brute Force Tools
Precomputation Detail
Cain and Abel’s Cracking Methods
Free Rainbow Tables
Password Sniffing
Changes In Software Development
Reality Check
Changes Required From Security Testers
Types of Penetration Testing
Penetration Testing Methodologies
FireFox – The ScriptKiddie’s Dream
Assessment Tool: Stealth HTTP Scanner
Acunetix Web Scanner
Wikto Web Assessment Tool
Instructor Demonstration
Tool: Paros Proxy
Instructor Demonstration
Tool: Burp Proxy
Fuzzers
Nessus
Nessus Report
SAINT – Sample Report
Hacking Tool: Metasploit
Direct Attacks Against a Database
Attacking Database Servers
Obtaining Sensitive Information
Hacking Tool: SQL Ping2
Hacking Tool: osql.exe
Hacking Tool: Query Analyzers
Hacking Tool: SQLExec
Oracle Security Expert
Hardening Databases
On the Horizon
Website Reviews
Review

DETAILED HANDS-ON LABORATORY SCENARIOS

Lab 1 – Getting Set Up
Exercise 1 – Naming and subnet assignments
Exercise 2 – Discovering your class share
Exercise 3 – VM Image Preparation
Exercise 4 – Discovering the Student Materials
Exercise 5 – PDF Penetration Testing Methodology review
Lab 2 – Information Gathering
Exercise 1 – Google Queries
Exercise 2 – Footprinting Tools
Exercise 3 – Getting everything you need with Maltego
Exercise 4 – Using Firefox for Pen Testing
Lab 3 – Detecting Live Systems
Exercise 1 – Look@LAN
Exercise 2 – Zenmap
Exercise 3 – Zenmap in BackTrack 5
Exercise 4 – NMAP Command Line
Exercise 5 – Hping2
Exercise 6 – Unicornscan
Lab 4 – Reconnaissance
Exercise 1 – Banner Grabbing
Exercise 2 – Zone Transfers
Exercise 3 – SNMP Enumeration
Exercise 4 – LDAP Enumeration
Exercise 5 – Null Sessions
Exercise 6 – SMB Enumeration
Exercise 7 – SMTP Enumeration
Lab 5 – Hacking Web Applications
Exercise 1 – Access control flaws – Broken Access control
Exercise 2 – CSRF in .NET Framework
Exercise 3 – Improper Error Handling
Exercise 4 – Race conditions
Exercise 5 – Stack traces
Exercise 6 – Input Manipulation
Exercise 7 – Shoveling a Shell
Lab 6 – HP Test Fire demo http://zero.webappsecurity.com
Lab 7 – Doing a Scan on a WebService
Lab 8 – Vulnerability Software Scanning

APPENDIX
Lab 1 – CSRF in Java
Exercise 1 – Hacme Bank – Horizontal Privilege Escalation
Exercise 2 – Hacme Bank – Vertical Privilege Escalation
Exercise 3 – Hacme Bank – Cross Site Scripting
Lab 2 – Database Hacking
Exercise 1 – Hacme Bank – Login Bypass
Exercise 2 – Hacme Bank – Verbose Table Modification
Exercise 3 – Hacme Books – Denial of Service
Exercise 4 – Hacme Books – Data Tampering
Lab 3 – Linux Fundamentals
Exercise 1 – ifconfig
Exercise 2 – Mounting a USB Thumb Drive
Exercise 3 – Mount a Windows partition
Exercise 4 – VNC Server
Exercise 5 – Preinstalled tools in BackTrack5
Executive Summary
Lab 4 – Web Application Assessment Details
http://demo.testfire.net/admin/
Vulnerability Recommendation
Lab 5 – Secure Code Review

mile2: A Worldwide Name in IT Security! mile2 provides services for companies such as Penetration Testing, Ethical Hacker Training, Digital Forensics, and mile2's upgrade to Certified Ethical Hacker Certification, known as CPTEngineer and CPEH. mile2 designs, develops, and delivers Information Security training and consulting services that meet military, government, private sector and institutional specifications. mile2 also provides security vulnerability scans and assessments to clients around the world.