
Certified Course By EC-Council

CAST 613-Advanced Application Security


Introduction:

Introducing the vulnerable website, monitoring and composing requests using a common proxy like Fiddler, Paros or Burp Suite. Modifying requests and responses in Fiddler to change what goes out and what comes in before the browser renders it.

Cryptography Decrypted:

Encryption – a definition, password policies and why they simply don’t work, hashing, digital signatures, digital certificate levels, working with SSL certificates, IPsec, Public Key Infrastructure (PKI), encryption with TrueCrypt.

Account Management:

Understanding the importance of password strength and attack vectors, passing the Monkey Wrench Technique, account enumeration, DoS via password reset, how to spot a secure website, establishing insecure password storage, re-authenticating before key actions, testing for authentication brute force.

Parameter Diddling:

Identifying untrusted data in HTTP request parameters, capturing requests and using simple tools to manipulate parameters, manipulating application logic via parameters, executing a mass assignment attack, HTTP verb tampering, fuzz testing.

Transport Layer Protection:

The three objectives of transport layer protection, understanding a man-in-the-middle attack, protecting sensitive data in transit, the risk of sending cookies over insecure connections, why loading login forms over HTTP is risky, the HSTS header.

Cross Site Scripting (XSS):

Understanding untrusted data and sanitization, establishing input sanitization practices, understanding XSS and output encoding, the three types of XSS (reflected, stored and DOM), testing for the risk of persistent XSS, the X-XSS-Protection header.

Cookies:

Cookies 101 – everything you wanted to know, session management, understanding HttpOnly cookies (what they are and why we should use them), understanding secure cookies, disabling cookies, restricting cookie access by path, reducing risk with cookie expiration.

Internal Implementation:

How an attacker builds a website risk profile, server response header disclosure, locating at-risk websites, HTTP fingerprinting of servers, disclosure via robots.txt, risks in HTML source.

SQL Injection:

Understanding SQL injection, testing for injection risks, discovering database structure via injection, harvesting data via injection, automating attacks with Havij, blind SQL injection.

Cross Site Attacks:

Understanding cross site attacks, testing for a cross site request forgery risk, the role of anti-forgery tokens, testing cross site request forgery against APIs, mounting a clickjacking attack.