Hacking Software - Attacker Techniques Exposed
Threats, Exploits and Vulnerabilities
The true threat: insiders and outsiders.
This 5-day class begins with examples of security breaches and moves on to current-day exploits and vulnerabilities of real software code. The case studies will illustrate the broad range of threats that organizations face from both external attackers and insiders. For each attack scenario, we will go through the underlying flaws, exploits, vulnerabilities, consequences and mitigation techniques.
A Must Have Classes
Q/SSE ® Qualified SW Security Expert 5-Day Bootcamp
Q/SSP ® Qualified SW Security Penetration Tester
SW Testing Onsite Bootcamp
How to Break & FIX Web Applications
How to Break and FIX Software
Fundamentals of Secure Software Programming
Q/SSH ® Qualified SW Security Hacker
Q/SSBT ® Qualified SW Security Testing Best Practices
Introduction to Reverse Engineering
Time: 7:45am - 5pm
Location: Click here to view the class schedule
Prerequisites: Understanding of TCP/IP protocols
Method of Delivery - Residential On Ground
Method of Evaluation: 1. 95% attendance 2. 100% completion of Lab
Grading: Pass = 95% Attendance and 100% Completion of Labs and Practical
Fail => 95% Attendance and > 100% Completion of Labs and Practical
Learning Level: Basic Programmer - Intermediate
Who Should Attend
Information Security and IT managers; Information Assurance Programmers; Information Security Analysts and Consultants; Internal Auditors and Audit Consultants; QA Specialists,
What Is CWE?
Targeted to developers and security practitioners, CWE is a formal list of software weaknesses, idiosyncrasies, faults, and flaws created to:
Serve as a common language for describing the source code, software design, or software architecture causes of software security vulnerabilities.
Serve as a standard measuring stick for software security tools targeting these issues.
Provide a common baseline standard for identification, mitigation, and prevention of these weaknesses.
Examine some trends in software vulnerabilities. Over the years, the industry has seen some distinct trends emerge in vulnerabilities. One of the most interesting is the fact that attackers have moved their assaults to the application layer instead of the network layer. This section examines those trends in detail.
Live vulnerability and exploit tour! This is the core of the class. In this section, attendees will go through a wide range of software vulnerabilities and labs to show sample exploits of these vulnerabilities live. Labs include: cross-site scripting, SQL injection, buffer overflows, format string vulnerabilities, and many other software vulnerabilities. Attendees gain awareness of and key insights into these vulnerability types, the ease with which the attacker community can exploit them, and what to do to prevent these critical attacks.
Tools and Threats.
The threat is growing and so is the number of tools that lower the bar for attackers. This section takes the attendees inside the underground world of the attacker tools. WatchFire is the ultimate hacker defender.
Thinking Like the Attacker: Threat Modeling. A critical step in securing software or a system is to methodically think through threats. In this section we present several techniques for threat modeling and also walk the audience through the process of modeling threats against several systems.
Incorporating Threats Into Software/System Design, Development, Testing and Deployment. By thinking about threats at each stage of the development lifecycle, we can make software and systems that are more resilient to attack. Attendees will walk away with an introduction to tools and techniques to build security in.
*Class fees are subject to change