Course Name: Certified Secure Web Application Engineer
Duration: 4 days
Language: English
Format: • Instructor-led classroom • Live Virtual Training
Prerequisites: • Experience in at least 2 modules of the outline is beneficial but not required
Student Materials: • Student Workbook • Student CD • Key Security Concepts & Definitions Book • Quick Tips section, Summary section • Questions and answers for each module
Attend live classes from anywhere in the world!
• Live presentations with powerful functionality that delivers easy viewing of slides and other documents, shared Internet access, a virtual whiteboard, and a media center, all through an easy-to-use toolbar.
• Application, file, and desktop sharing enable you to view live demonstrations.
• Dedicated high-spec remote PC per student with full access, as if you were sitting in front of the PC in the classroom.
• The instructor views each student's session while you perform your hands-on labs, and can access your remote system to demonstrate and assist while you sit back and absorb the classroom-style mentoring you expect.
• Public and private text chat allows for increased interactivity between students and instructor.
Graduates of the Mile2 Certified Secure Web Application Engineer training obtain real world security knowledge that enables them to recognize vulnerabilities, exploit system weaknesses and help safeguard against threats.
Course Overview:
This course is designed to equip students with the knowledge and tools needed to identify and defend against security vulnerabilities in software applications. Students put theory into practice by completing real-world labs that include testing applications for software vulnerabilities, identifying weaknesses in design through architecture risk analysis and threat modeling, conducting secure code reviews, and more. On the final day of training, students complete a real-world hacking exercise on a live web application.
Upon completion, attendees should have the skills to perform the following:
- Identify application security vulnerabilities in any software application
- Review software architecture diagrams and identify attack points
- Perform web application penetration testing
- Design controls to defend against application vulnerabilities
- Identify vulnerabilities as they relate to the OWASP Top 10
- Perform advanced attacks against web applications
- Perform security code reviews
- Develop security test scripts
- Build a web hacking toolbox
- Integrate security best practices into the Software Development Lifecycle (SDLC)
- Communicate to both technical and non-technical individuals concerning application vulnerabilities
Objective of Labs: This is an intensive hands-on class; you will spend 50% of class time performing labs focusing on both the OWASP model and the technical details of PCI compliance with respect to secure coding.
Certified Secure Web Application Engineer Module Topics:
Module 0: Web Application Intro
Module 1: Software Security Explained
Module 2: Risk Management
Module 3: Secure Architecture Design
Module 4: OWASP Top 10
Module 5: Threat Modeling
Module 6: Software Security Vulnerabilities
Module 7: Other Vulnerabilities
Module 8: Overview of Secure Coding
Module 9: Secure Coding Principles
Module 10: Secure Software Development Lifecycle
Module 11: PCI Data Security Standard
Module 12: Web 2.0
Module 13: Other Key Items
Module 14: Selling Security to Management
Module 15: Web Application Penetration Testing
DETAILED MODULE DESCRIPTION
Day 1: CSWAE Overview
Module 1: Software Security Explained Overview What is Software Security? Security Terms Attack Vectors Threats Why Change? Consumer Expectations Business Responsibility Consumer Expectations Business Responsibility Response? Why Care About Security? What is Software Security? Software Security Methodology Software Security Why is Software Security so Tough? The Rise of Insecure Software Connectivity Extensibility Complexity So what is the problem? Challenges With Security What can we do about it? Layered Defense Secure Coding Fundamentals Software Security Methodology Process Overview What We Can Do About It? Roles and Responsibilities Developer’s Role
Module 2: Risk Management Overview Risk Management Why ERM Is Important Important Terms The Importance of Risk Management NIST When Should it Start Risk Management in the SDLC Requirements Phase Tasks Design Phase Tasks Implementation Phase Tasks Integrate / Release Phase Tasks Risk Management Process Know The Business Identify Risks Identify Assets and Value Risk Analysis Identify Threats and Risks Determine Impacts Impact vs. Cost to Mitigate Classify Risks Develop Mitigation Plan Implement Validating Fixes Reporting Your Findings Keys for Success www.somap.org Review
Module 3: Secure Architecture Design Overview Secure Architecture Design Architecture and Design Enterprise Security Architecture Enterprise Architecture Security Architecture – Multi-layer SAL – Focus on Standardization Design for Security Architectural Design Protection What to Consider During Design Design Guidelines Design It Secure The Economics of Software Forces In Software Design Considerations Secure Product Development Timeline Secure By Design Design Considerations The SD3 Framework Understanding the Environment Use of Encryption Security in Layers Buy vs. Build Secure your data Filters Things to Remember Review
Day 2 - The Threat Environment
Module 4: Recent Attacks and the OWASP Top 10 OWASP Guides Common Vulnerabilities Cross Site Scripting XSS Example Cross Site Scripting Cross Site Scripting Attacks XSS Example Cross Site Request Forgery Link Injection to Facilitate Cross Site Request Forgery Injection Flaws SQL Injection and Injection Flaws Bobby Tables SQL Injection Example in .NET E-Commerce Web Site E-Commerce Login Demonstration SQL Injection SQL Injection Buggy Code SQL Injection Countermeasures Command Injection SQL Injection Why SQL “Injection”? Blind SQL injection SQL Connection Properties SQL Injection: Enumeration SQL Extended Stored Procedures Shutting Down SQL Server Business Impacts of SQL Injection Finding and Fixing SQL Injection Unvalidated Input Unvalidated Input Illustrated Business Impacts of Unvalidated Input Finding and Fixing Unvalidated Input Common Vulnerabilities Buffer Overflow Buffer Overflow Illustrated Business Impacts of Buffer Overflows Finding and Fixing Buffer Overflows Improper Error Handling Improper Error Handling Illustrated Business Impacts of Improper Error Handling Finding and Fixing Improper Error Handling Session Hijacking Session Management Common Vulnerabilities Session Hijacking Broken Access Control Broken Account and Session Management Broken Authentication and Session Mgmt Broken Authentication Illustrated Business Impacts of Broken Authentication Finding and Fixing Broken Authentication Broken Access Control Broken Access Control Illustrated Where Does Access Control Typically Occur? 
Business Impacts of Broken Access Control Finding and Fixing Broken Access Control Insecure Storage Insecure Storage Illustrated Business Impacts of Insecure Storage Finding and Fixing Insecure Storage Application Denial of Service Application DOS Illustrated Business Impacts of Application DOS Finding and Fixing Application DOS Insecure Configuration Management Insecure Configuration Illustrated Business Impacts of Insecure Configuration Finding and Fixing Insecure Configuration Attacks Man-in-the Middle Attacks Information Integrity Insufficient Anti-Automation XML Poisoning Malicious Code Execution Malicious Code Execution Example RSS Atom Injection WSDL Scanning and Enumeration Client side validation in AJAX routines Web Service Routing Issues Parameter Manipulation With SOAP XPATH Injection SOAP message RIA Client Binary Manipulation Information Leakage Web 2.0 Information Leakage Application Denial of Service Application Denial of Service Remediation Application Level DOS Real-World Test Hacktics Results Directory Traversal Directory Listing Insecure Software is Everywhere Security Focus SecurityFocus (Demo) ISS (Demo) Review
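Module 4 lists "SQL Injection Buggy Code", "SQL Injection Countermeasures" and the "E-Commerce Login" demonstration as slide titles without showing the code. The following is an added illustration, not the course's .NET lab material: it uses Python's sqlite3 module with a constructed in-memory users table as a stand-in for the e-commerce login, and shows the concatenated query beside the parameterized one against the same bypass payloads.

```python
import sqlite3


def make_demo_db():
    """Constructed stand-in for the e-commerce login table (hypothetical data, not the lab DB)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "Adm1n!", "administrator"), ("alice", "s3cret", "customer")],
    )
    conn.commit()
    return conn


def login_buggy(conn, username, password):
    """The 'buggy code' pattern: query text assembled by string concatenation.

    Whatever the user types becomes part of the SQL syntax, so a quote closes the
    string literal and '--' comments out the rest of the WHERE clause.
    """
    sql = (
        "SELECT role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """Countermeasure: a prepared statement with bound parameters.

    The driver sends the values separately from the query text, so quotes and
    comment markers in the input are compared as data, never parsed as SQL.
    """
    row = conn.execute(
        "SELECT role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def demo():
    """Run both implementations against a valid login and two classic payloads."""
    conn = make_demo_db()
    comment_payload = "admin'--"        # closes the string, comments out the password check
    tautology_payload = "' OR '1'='1"   # makes the WHERE clause true for every row
    # Note: a stacked 'Bobby Tables' payload ("'; DROP TABLE users;--") is refused by
    # Python's sqlite3.execute(), which runs one statement at a time; drivers such as
    # ADO.NET against SQL Server accept batches, so there the buggy pattern is worse.
    return {
        "buggy_valid": login_buggy(conn, "alice", "s3cret"),
        "buggy_bypass": login_buggy(conn, comment_payload, "anything"),
        "buggy_tautology": login_buggy(conn, "nobody", tautology_payload),
        "param_valid": login_parameterized(conn, "alice", "s3cret"),
        "param_bypass": login_parameterized(conn, comment_payload, "anything"),
        "param_tautology": login_parameterized(conn, "nobody", tautology_payload),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:16s} -> {result}")
```

With the concatenated query, `admin'--` logs in as the administrator without a password and the tautology payload returns the first row of the table; the parameterized version returns no row for either payload while still accepting the genuine credentials. Escaping quotes by hand is not an equivalent fix, since it depends on getting every driver's quoting rules right; binding parameters removes the problem class instead.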
Module 5: Threat Modeling Overview Threat Modeling Overview The Process Identify Security Objectives Application Review Application Diagram Application Decomposition Identify Threats Threat Modeling Harmonized Threat and Risk Assessment Methodology Framework for the Harmonized TRA Methodology Example: Threat Graph Example: Threat Tree Threat Methodologies (STRIDE) Spoofing Identity Tampering With Data Repudiation Information Disclosure Denial of Service Elevation of Privilege Rank the Threats (DREAD) How to Respond to Threats Mitigating Threats Review
Module 6: Software Security Vulnerabilities Introduction Application Test Script Detected Cacheable SSL page Cacheable SSL Page Remediation Database Error Pattern Found Database Error Message Found Direct Access to Administration Pages E-mail Address Pattern Found HTML Comments Contain Sensitive Information Internal IP Address Disclosure Missing Secure Attribute in Encrypted Sessions Possible Server Path Disclosure Query Parameter found in SSL Request Query Parameter Found in SSL Request Unencrypted Login Request Cross Site Scripting XSS Example Phishing Phishing Web 2.0 Example Injection Flaws Cross Site Scripting Cross Site Scripting Attacks XSS Example SQL Injection and Injection Flaws Bobby Tables SQL Injection Example in .NET E-Commerce Web Site E-Commerce Login SQL Injection Demonstration SQL Injection Buggy Code SQL Injection Countermeasures Cross Site Request Forgery Web-Based Email Cross Site Request Forgery Directory Traversal
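Module 6 opens with an "Application Test Script" and a list of scanner findings (Cacheable SSL page, Missing Secure Attribute in Encrypted Sessions, Unencrypted Login Request, HTML Comments Contain Sensitive Information, E-mail Address Pattern Found, Internal IP Address Disclosure). As an added example, not a script from the course materials, the following Python checks one raw HTTP response for those six findings. Both responses below are constructed for illustration; no real host is contacted.

```python
import re

# Constructed sample: a login page served over HTTPS by a hypothetical ASP.NET shop.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/6.0\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: ASP.NET_SessionId=k2h4j6lq; Path=/\r\n"
    "Cache-Control: public, max-age=3600\r\n"
    "\r\n"
    "<html><!-- TODO: remove test password Summer2011 before go-live -->\n"
    "<form action=\"http://shop.example/login.aspx\" method=\"post\">\n"
    "<input name=\"user\"><input name=\"pass\" type=\"password\"></form>\n"
    "<p>Contact support@shop.example. Backend db: 10.1.2.3</p>\n"
    "</html>"
)

# Constructed sample with the same page after remediation.
CLEAN_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: ASP.NET_SessionId=k2h4j6lq; Path=/; Secure; HttpOnly\r\n"
    "Cache-Control: no-store, no-cache\r\n"
    "\r\n"
    "<html><form action=\"https://shop.example/login.aspx\" method=\"post\">\n"
    "<input name=\"user\"><input name=\"pass\" type=\"password\"></form></html>"
)

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
INTERNAL_IP_RE = re.compile(  # RFC 1918 ranges; octet bounds kept loose for brevity
    r"\b(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3}"
    r"|192\.168\.\d{1,3}\.\d{1,3}"
    r"|172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3})\b"
)
COMMENT_RE = re.compile(r"<!--(.*?)-->", re.S)
FORM_HTTP_ACTION_RE = re.compile(r"""<form[^>]*\baction=["'](http://[^"']*)""", re.I)
SENSITIVE_WORDS = ("password", "passwd", "pwd", "secret", "key", "todo", "fixme")


def parse_response(raw):
    """Split a raw HTTP/1.1 response into (status line, [(name, value)], body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body


def check_response(raw, over_tls=True):
    """Return the finding names (matching the module's slide titles) for one response."""
    _, headers, body = parse_response(raw)
    findings = []

    # Cacheable SSL page: an HTTPS response without Cache-Control: no-store may be
    # written to disk by browsers and shared proxies.
    cache = " ".join(v.lower() for n, v in headers if n in ("cache-control", "pragma"))
    if over_tls and "no-store" not in cache:
        findings.append("Cacheable SSL page")

    # Missing Secure attribute: without it the browser sends the session cookie over
    # plain HTTP as well, exposing it to a network sniffer.
    for name, value in headers:
        if name == "set-cookie":
            attrs = {a.strip().lower() for a in value.split(";")[1:]}
            if over_tls and "secure" not in attrs:
                findings.append("Missing Secure attribute in encrypted session")

    # Unencrypted login request: a password form whose action posts to http://.
    if FORM_HTTP_ACTION_RE.search(body) and 'type="password"' in body:
        findings.append("Unencrypted login request")

    # Information leakage in the body.
    if any(w in c.lower() for c in COMMENT_RE.findall(body) for w in SENSITIVE_WORDS):
        findings.append("HTML comments contain sensitive information")
    if EMAIL_RE.search(body):
        findings.append("E-mail address pattern found")
    if INTERNAL_IP_RE.search(body):
        findings.append("Internal IP address disclosure")
    return findings


if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE_RESPONSE), ("clean", CLEAN_RESPONSE)):
        print(label, check_response(raw))
```

The checks are deliberately pattern-based, like the scanner output the module discusses, so expect false positives (a public contact address is an "e-mail pattern found" too); each hit is a lead for manual review, not a confirmed vulnerability. Pass `over_tls=False` for a response fetched over plain HTTP so the two TLS-specific checks are skipped.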
Module 7 – Other Vulnerabilities Introduction HTTP Response Splitting Application Input Restrictions Bypass Hidden Directory Detected Microsoft ASP Debugging Enabled Sensitive Files Found Unencrypted View Where to Learn More Phishing Phishing Web 2.0 Example Sensitive Data Leakage [CWE-0] Information Leakage Web 2.0 Information Leakage Information Integrity Insufficient Anti-Automation XML Poisoning Malicious Code Execution RSS Atom Injection WSDL Scanning and Enumeration Client side validation in AJAX routines Web Service Routing Issues Parameter Manipulation with SOAP XPATH Injection SOAP message RIA Client Binary Manipulation Two Types of Vulnerabilities Activity Monitoring and Data Retrieval Unauthorized Dialing, SMS, and Payments Unauthorized Network Connectivity (exfiltration or command & control) UI impersonation System Modification (rootkit, APN, proxy config) Logic or Time Bomb [CWE-] Hardcoded Password/Keys [CWE-] Summary
Day 3 - Secure Coding Principles & Practices
Module 8 - Overview of Secure Coding Principles The Principles of Secure Development Principle #1 – Input Validation Possible Places to do Validation Principle #3 – Improper Error Handling Principle #4 – Authentication and Authorization Principle #5 – Session Hijacking Principle #6 – Secure Communications
Module 9 - Detailed Examination of Secure Coding Principles Overview Data Validation Defending the Attack Error and Exception Handling Logging and Auditing Authentication Web Authentication Methods Basic and Digest Authentication Form Based Authentication Certificate Based Authentication Strong Authentication Authorization Review
Module 10 - Secure Software Development Lifecycle Overview Secure SDLC Overview S-SDLC Overview A Secure Process Manager’s Point of View Developer’s Point of View Phases of The Development Lifecycle Project Initiation/Concept Requirements Gathering Integration Through Risk Management Principles Process Risk Assessment Testing Methodologies Integrating Testing in the Dev Lifecycle Architecture and Design Implementing Defense In-depth Traceability Matrix Things to Consider Development Testing Unit Test Testing Implementation and Deployment Maintenance Review
Module 11 - PCI Data Security Standard Payment Card Industry PCI DSS Overview PCI Overview PCI-Requirement 6 Requirement 6.1 Requirement 6.2 Requirement 6.3 Requirement 6.4 Requirement 6.5 Requirement 6.6 Discussion Summary Security Audit Procedures Compensating Controls Summary
Module 12 - Security Web 2.0 Introduction What is Web 2.0 and who uses it? Classic Web Vs Ajax Synchronous vs. Asynchronous WEB 2.0 Target Application Layout Web 2.0 Security Vulnerabilities Web 2.0 Usability Web 2.0 and No SSL Web 2.0 and Remember Me Web 2.0 and Social Engineering Overpowered APIs and Duplicated Code Outsourcing Web 2.0 and Cutting Edge Technology Web 2.0 and Trust Web 2.0 Security Vulnerabilities Systems Susceptible to Attacks Insufficient Authentication Controls
Module 13 - Other Key Items Overview Other items - Integrated Systems ISO 21827 Organizational Standard Processes The CMMI Approach International Standards--SSE-CMM Integrated Systems What is DMZ? Classic Security Model DNS Middleware Defined Integrated Systems Fundamental Requirements What to Require How do you select the correct security product? The Software Market The Market is Changing! The Future
Module 14 - Selling Security to Management Security is Challenging Software Security is A Different World Root Causes of Application Insecurity Targeting the Root Causes What to Recommend Key Enhancements Advanced Enhancements Application Security Capacity Scorecard Compliance & Security Integrated Requirements Recommended Training Review
Day 4- Web Application Penetration Testing
Module 15- Web Application Penetration Testing Overview Secure Code Review Web Application Penetration Testing Overview Quick Poll Benefits of a Penetration Test Article and Example of WAPT Current Problems in WAPT Learning Attack Methods Developer’s Point of View Progression of The Professional Hacker What Information is gathered by the Hacker? Methods of Obtaining Information Physical Access Social Access Social Engineering Techniques Digital Access Passive vs. Active Reconnaissance Footprinting Defined Footprinting Tool: KartOO Website Footprinting tools Google and Query Operators Instructor Demonstration SPUD: Google API Utility Tool Instructor Demonstration Online Social Websites Identity Theft and MySpace Instant Messengers and Chats Blogs, Forums & Newsgroups Internet Archive: The WayBack Machine Domain Name Registration WHOIS WHOIS Output Instructor Demonstration DNS Databases Using Nslookup Dig for Unix / Linux People Search Engines Client Email Reputation Web Server Info Tool: Netcraft Countermeasure: Domainsbyproxy.com Footprinting Countermeasures Introduction to Port Scanning Popular Port Scanning Tools Port Scan Tips Most Popular: BackTrack Expected Results Method: Ping Stealth Online Ping NMAP: Preferred Scanning Tool Which Services use Which Ports? 
OS Fingerprinting Countermeasures: Scanning Enumeration Overview Web Server Banners Practice: Banner Grabbing with Telnet SuperScan 4 Tool: Banner Grabbing Sc SMTP Server Banner DNS Enumeration Web Application Penetration Methodologies HTTrack Tool: Copying the website offline Httprint Tool: Web Server Software ID Instructor Demonstration The Anatomy of a Web Application Attack The Anatomy of a Web Application Attack Web Attack Techniques Cracking Techniques Password Guessing Brute Force Tools Precomputation Detail Cain and Abel’s Cracking Methods Free Rainbow Tables Password Sniffing Changes In Software Development Reality Check Changes Required From Security Testers Types of Penetration Testing Penetration Testing Methodologies FireFox – The ScriptKiddie’s Dream Assessment Tool: Stealth HTTP Scanner Acunetix Web Scanner Wikto Web Assessment Tool Instructor Demonstration Tool: Paros Proxy Instructor Demonstration Tool: Burp Proxy Fuzzers Nessus Nessus Report SAINT – Sample Report Hacking Tool: Metasploit Direct Attacks Against a Database Attacking Database Servers Obtaining Sensitive Information Hacking Tool: SQL Ping2 Hacking Tool: osql.exe Hacking Tool: Query Analyzers Hacking Tool: SQLExec Oracle Security Expert Hardening Databases On the Horizon Website Reviews Review
DETAILED HANDS-ON LABORATORY SCENARIOS
Lab 1 – Getting Set Up
Exercise 1 – Naming and subnet assignments
Exercise 2 – Discovering your class share
Exercise 3 – VM Image Preparation
Exercise 4 – Discovering the Student Materials
Exercise 5 – PDF Penetration Testing Methodology review
Lab 2 – Information Gathering
Exercise 1 – Google Queries
Exercise 2 – Footprinting Tools
Exercise 3 – Getting everything you need with Maltego
Exercise 4 – Using Firefox for Pen Testing
Lab 3 – Detecting Live Systems
Exercise 1 – Look@LAN
Exercise 2 – Zenmap
Exercise 3 – Zenmap in BackTrack 5
Exercise 4 – NMAP Command Line
Exercise 5 – Hping2
Exercise 6 – Unicornscan
Lab 4 – Reconnaissance
Exercise 1 – Banner Grabbing
Exercise 2 – Zone Transfers
Exercise 3 – SNMP Enumeration
Exercise 4 – LDAP Enumeration
Exercise 5 – Null Sessions
Exercise 6 – SMB Enumeration
Exercise 7 – SMTP Enumeration
Lab 5 – Hacking Web Applications
Exercise 1 – Access control flaws – Broken Access control
Exercise 2 – CSRF in .NET Framework
Exercise 3 – Improper Error Handling
Exercise 4 – Race conditions
Exercise 5 – Stack traces
Exercise 6 – Input Manipulation
Exercise 7 – Shoveling a Shell
Lab 6 – HP Test Fire demo http://zero.webappsecurity.com
Lab 7 – Doing a Scan on a WebService
Lab 8 – Vulnerability Software Scanning
APPENDIX
Lab 1 – CSRF in Java
Exercise 1 – Hacme Bank – Horizontal Privilege Escalation
Exercise 2 – Hacme Bank – Vertical Privilege Escalation
Exercise 3 – Hacme Bank – Cross Site Scripting
Lab 2 – Database Hacking
Exercise 1 – Hacme Bank – Login Bypass
Exercise 2 – Hacme Bank – Verbose Table Modification
Exercise 3 – Hacme Books – Denial of Service
Exercise 4 – Hacme Books – Data Tampering
Lab 3 – Linux Fundamentals
Exercise 1 – ifconfig
Exercise 2 – Mounting a USB Thumb Drive
Exercise 3 – Mount a Windows partition
Exercise 4 – VNC Server
Exercise 5 – Preinstalled tools in BackTrack5
Executive Summary
Lab 4 – Web Application Assessment Details http://demo.testfire.net/admin/
Vulnerability Recommendation
Lab 5 – Secure Code Review