
Scotland Chapter Spring Event
"Remote Testing For Common Web Application Security Threats"

Objectives:
  • Understand the security threats facing web applications
  • Learn the tools and techniques to remotely validate a web application's security
  • Enhance secure programming practices by raising awareness and giving programmers the tools needed to audit their code from the user's perspective

Topics:

Web Protocols Primer
  • Web protocols & standards (HTML, HTTP)
  • Session tracking and state mechanisms
  • HTTP authentication mechanisms
  • Tools for interception, manipulation, and analysis of web traffic
 
Common Web Application Security Threats
  • The Web Application Security Consortium (WASC) "Threat Classification" (http://www.webappsec.org/projects/threat/)
  • Classes of Attack; definitions and examples (including authentication, authorization, client-side attacks, command execution, information disclosure, and logic attacks)
  • The most popular forms of attack, such as Cross-site Scripting (XSS) and SQL Injection, will be covered in the labs
  • Remote tools and testing techniques for locating these vulnerabilities
  • Cross references to the OWASP Top Ten will be given

Speaker: David Rhoades, Maven Security Consulting, Inc.

Requirements: You will need to bring your own laptop.  Please ensure you have full administrative rights to install virtual machines to carry out the training. You can also take away this software to practice furthe
Location: Edinburgh
Date: 19th March 2009

Time: 09.00 - 17.00
Cost: £199 for ISACA members; £249 for non-ISACA members.
To Book: http://www.isacascotland.eventbrite.com


