
Chairman,

Information and Communications Technology Special Interest Group,


The Institution of Engineers Malaysia,
Lots 60 & 62, Jalan 52/4, P.O. Box 223 (Jalan Sultan),
46720 Petaling Jaya, Selangor Darul Ehsan
Tel: 03-7968 4001/2 Fax to 03-7957 7678
Email: norshafiqah@iem.org.my

Website: www.iem.org.com

The Institution of Engineers, Malaysia

IEMICTSIG

REGISTRATION FORM
Two-Day Workshop On Web Application Penetration Testing for Beginners
25 - 26 January 2014 at Wisma IEM, Petaling Jaya
Closing Date : 21 JANUARY 2014
No. | Name(s) | M'ship No. | Grade | Fee (RM)*

Total Payable
*Fees MUST be fully paid BEFORE the CLOSING DATE. Seats could only be confirmed upon payment.

Enclosed herewith a crossed cheque No: ______________________ for the sum of RM ___________
issued in favour of The Institution of Engineers, Malaysia and crossed A/C payee only. I/We
understand that the fee is not refundable if I/We withdraw after my/our application is accepted by the
Organising Committee as stated in the cancellation term. If I/We fail to attend the seminar, the paid
registration fee will not be refunded.
Contact Person: _______________________________________________ Designation:_____________________
Name of Organization: __________________________________________________________________________
Address: _____________________________________________________________________________________

TWO-DAY WORKSHOP ON
WEB APPLICATION PENETRATION TESTING
FOR BEGINNERS
Organised By:
Information and Communications Technology Special Interest Group, IEM
Date : 25 - 26 January 2014 (Saturday & Sunday)
Venue : C&S and TUS Lecture Room, 2nd Floor
Wisma IEM, Petaling Jaya, Selangor
Time : 9.00 a.m. - 5.30 p.m.

REGISTRATION FEE
                          On-line        Normal
IEM Student Member        RM 250.00      RM 280.00
IEM Graduate Member       RM 500.00      RM 600.00
IEM Corporate Member      RM 800.00      RM 900.00
Non IEM Member            RM 1100.00     RM 1200.00

_________________________________ (H) ____________________________________ (HP)

Email: ______________________________________________________________________________________

____________________________________
Signature & Stamp

________________________________
Date
Photocopies are acceptable

PREREQUISITES
As this is a hands-on workshop, participants are required to bring their own notebooks with the
following specifications:
1. 4 GB RAM with high-end processor
2. 60 GB free hard disk space
3. Operating System : Linux (Ubuntu) or Windows 7
Note: Participants' notebooks will be loaded with virtual machine software at the beginning of the
training session. Windows 8 is not to be used due to compatibility problems with this virtual
machine software.

_____________________________________________________________________________________
Telephone No.: _________________________________(O) ___________________________________ (Fax)


LIMITED TO 20 PARTICIPANTS ONLY

IMPORTANT NOTES

BEM Approved CPD/PDP Hours: 14


Ref No: IEM13/HQ/354/W

Closing Date : 21st JANUARY 2014 (TUESDAY)


For ONLINE REGISTRATION, payment MUST BE MADE VIA ONLINE PAYMENT [via RHB Now and Maybank2u - Personal
Saving & Personal Current; Any Credit Card - Visa/Master]. If payment is not received within the stipulated time, the
registration fee will automatically be reverted to the normal fee.

Payment via CASH/CHEQUE/BANK-IN TRANSMISSION/BANK DRAFT/MONEY ORDER/POSTAL
ORDER/LOU/LOG/WALK IN will be considered as NORMAL REGISTRATION.

FULL PAYMENT must be settled before commencement of the event, otherwise participants will not be allowed to enter
the hall. If a place is reserved and the intended participant fails to attend the course, the fee is to be settled in full. If the
participant fails to attend the course, the fee paid is non-refundable. IEM reserves the right to reject any LOU/LOG not in
accordance with these instructions.

The Organising Committee reserves the right to alter or change the programme due to unforeseen circumstances.

Synopsis
Most of us will not pass a single day without browsing a website, whether it is for business, education or
entertainment. Some of us, or the companies we own, or the companies we work for, have a website,
portal or blog site to establish a web presence. However, such a web presence also attracts visitors of a
different kind, i.e. those who want to illegally access restricted areas of websites for various reasons,
ranging from simple defacing of the websites, to extraction of competitive data or data that has commercial
value to other interested parties, to corruption of data that may result in disruption of the
organization's services.

There are many methods by which a company's ICT infrastructure and applications can be compromised. This
workshop covers only the penetration of web applications and does not include penetration into other
ICT infrastructure components like switches, firewalls and VPNs.

Benefits

- Gain an overview of web application architecture and features.
- Understand the common shortcomings in web design that can be exploited or that can expose
  the web application to security compromises.
- Understand the various methods of attack and common entry points on web applications.
- Understand precautionary measures on security as a user of web applications and the Internet.
- Appreciate simple but effective preventive measures to secure web applications.
- Ability to use readily available tools for quick diagnosis of company or own web applications.
- Enable detection of possible web application compromises.

This workshop, which comprises lectures and hands-on exercises by participants using their own
notebooks, will provide an overview of web architecture, common web attack and penetration methods,
and tools used for attacks and penetration. Participants should at least be able to acquire the basic
understanding and basic skills needed to assess the security of their own websites and portals, as well as
to exercise precautionary measures in their own web surfing activities and tighten security measures
where applicable.

Who Could Benefit From The Workshop

Internet users, and especially engineers or owners and employees of companies who have a website or
portal, whether for internal use (Intranet) or for public access or public visibility. Also for owners of blogs.

Course Schedule & Outline

Day 1

08:15 - 09:00  Course Registration

09:00 - 10:45  Setup virtual machine on notebooks
               Penetration Testing
               - Web Application Architecture
               - Brief about HTML
               - Web Client
               - Web Server
               - Database

10:45 - 11:00  Tea Break

11:00 - 13:00  Penetration Testing (contd)
               Methodology of Web Attack
               - Attack Web Servers
               - Attack Authentication Mechanism
               - Attack Authorization Schemes
               - Perform Functional Analysis

13:00 - 14:00  Lunch Break

14:00 - 16:00  Methodology of Web Attack (contd)
               - Exploit the Data Connectivity
               - Attack the Management Interfaces
               - Attack the Client
               - Launch a Denial-of-Service Attack

16:00 - 16:15  Tea Break

16:15 - 17:30  Reconnaissance / Profiling /
               - Server Discovery
               - Footprinting
               - DNS Interrogation
               - Ping
               - Discovery Using Port Scanning
               - Dealing with Virtual Servers

Day 2

09:00 - 10:45  Recap Day 1
               Reconnaissance / Profiling / (contd)
               - Service Discovery
               - Server Identification
               - Dealing with SSL

10:45 - 11:00  Tea Break

11:00 - 13:00  Server-side Attack
               Using Automated Vulnerability Scanning Software
               - Nikto
               - WebInspect
               - Nexpose / Metasploit

13:00 - 14:00  Lunch Break

14:00 - 16:00  Client-side Attacks
               - SET
               - Metasploit
               Attacking Authentication
               - Brute Forcing Web Authenticated Site

16:00 - 16:15  Tea Break

16:15 - 17:30  Executive Report
               - What is included in the report
               - Remediation steps
               - Recommendations

About The Workshop Leader


Mr. Kirby Chong has more than 10 years of experience in the IT industry in Malaysia and Indonesia, focusing on
open source platform core Internet services: deploying, managing and hardening production servers, and securing
servers against intruder attacks from both internal and external sources.
Kirby is a qualified trainer with EC-Council (International Council of Electronic Commerce Consultants,
www.eccouncil.org) Malaysia and conducts training on Certified Ethical Hacking (CEH), Certified Hacking Forensic
Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA), which are all related to cyber security. He has
been working with several companies whose clients include several top banks in Malaysia and Singapore.

Mr Kirby Chong gave a talk at IEM on 16 May 2013 titled "Attack and Defense of Web Applications", and this
workshop is organized in response to the overwhelming interest, arising from that talk, in hands-on exposure to
web security and web hacking.

Ir Tejinder Singh, immediate past chairman of the ICTSIG Committee and currently the Committee's Adviser, who is also
a Certified Ethical Hacker, will facilitate the workshop.

Limited Participants
As this will be lectures plus hands-on training, registration is limited to only 20 participants on a first come, first served
basis, to enable the workshop leader to effectively guide participants on the exercises and methods.

Cancellation Policy

IEM reserves the right to postpone, reschedule, allocate or cancel the course. Full refund less 30% if cancellation is
received in writing more than 7 days before start date of the event. No cancellation will be accepted prior to the date
of the event. However, replacement or substitute may be made at any time with prior notification and substitute will
be charged according to membership status.
