Website: www.iem.org.com
IEMICTSIG
REGISTRATION FORM
Two-Day Workshop on Web Application Penetration Testing for Beginners
25 - 26 January 2014 at Wisma IEM, Petaling Jaya
Closing Date : 21 JANUARY 2014
No.   Name(s)   Mship No.   Grade   Fee (RM)*
Total Payable
*Fees MUST be fully paid BEFORE the CLOSING DATE. Seats can only be confirmed upon payment.
TWO-DAY WORKSHOP ON
WEB APPLICATION PENETRATION TESTING
FOR BEGINNERS
Organised By:
Information and Communications Technology Special Interest Group, IEM
Date : 25 - 26 January 2014 (Saturday & Sunday)
Venue : C&S and TUS Lecture Room, 2nd Floor
Wisma IEM, Petaling Jaya, Selangor
Time : 9.00 a.m. - 5.30 p.m.
REGISTRATION FEE
Category               On-line       Normal
IEM Student Member     RM 250.00     RM 280.00
IEM Graduate Member    RM 500.00     RM 600.00
IEM Corporate Member   RM 800.00     RM 900.00
Non IEM Member         RM 1100.00    RM 1200.00
____________________________________
Signature & Stamp
________________________________
Date
Photocopies are acceptable
PREREQUISITES
As this is a hands-on workshop, participants are required to bring their own notebooks with the
following specifications:
1. 4 GB RAM with high-end processor
2. 60 GB free hard disk space
3. Operating System : Linux (Ubuntu) or Windows 7
Note: Participants' notebooks will be loaded with virtual machine software at the beginning of the
training session. Windows 8 is not to be used due to compatibility problems with this virtual
machine software.
_____________________________________________________________________________________
Telephone No.: _________________________________(O) ___________________________________ (Fax)
LIMITED TO 20 PARTICIPANTS ONLY
IMPORTANT NOTES
Synopsis
Most of us will not pass a single day without browsing a website, whether it is for business, education or
entertainment. Some of us, or the companies we own, or the companies we work for, have a website,
portal or blog site to establish a web presence. However, such a web presence also attracts visitors of a
different kind, i.e. those who want to illegally access restricted areas of websites for various reasons,
ranging from simple defacing of the websites, to extraction of competitive data or data that has commercial
value to other interested parties, to corruption of data that may result in disruption of the
organization's services.
Day 2
08:15
09.00
Course Registration
09.00
10:45
Web Client
Web Server
Database
09.00
10:45
10:45
11:00
Tea Break
10:45
11:00
There are many methods by which a company's ICT infrastructure and applications can be compromised. This
workshop covers only the penetration of web applications and does not include penetration into other
ICT infrastructure components like switches, firewalls and VPNs.
11:00
13:00
Attack Authentication
Mechanism
11:00
13:00
Benefits
Understand the common shortcomings in web design that can be exploited or that can expose
the web application to security compromises.
Understand the various methods of attack and common entry points on web applications.
Understand precautionary measures on security as a user of web applications and the Internet.
Ability to use readily available tools for quick diagnosis of company or own web applications.
13:00
14:00
Lunch Break
13:00
14:00
This workshop, which comprises lectures and hands-on exercises by participants using their own
notebooks, will provide an overview of web architecture, common web attack and penetration methods,
and tools used for attacks and penetration. Participants should at least be able to acquire the basic
understanding and basic skills needed to assess the security of their own websites and portals, as well as
to exercise precautionary measures in their own web surfing activities and tighten security measures
where applicable.
14:00
16:00
16:00
16:15
Tea Break
16:15
17:30
Reconnaissance / Profiling /
Server Discovery
Footprinting
DNS Interrogation
Ping
14:00
16:00
16:00
16:15
16:15
17:30
Recap Day 1
Reconnaissance / Profiling / (contd)
Service Discovery
Server Identification
Tea Break
Server-side Attack
Nikto
WebInspect
Nexpose / Metasploit
Lunch Break
Client-side Attacks
SET
Metasploit
Attacking Authentication
Remediation steps
Recommendations
Mr Kirby Chong gave a talk in IEM on 16 May 2013 titled "Attack and Defense of Web Applications", and this
workshop is organized based on overwhelming interest to have hands-on exposure to web security and web hacking
based on the talk.
Limited Participants
As this will be lectures plus hands-on training, registration is limited to only 20 participants on a first come, first served
basis, to enable the workshop leader to effectively guide participants on the exercises and methods.
Ir Tejinder Singh, immediate past chairman of the ICTSIG Committee and currently the Committee's Adviser, who is also
a Certified Ethical Hacker, will facilitate the workshop.
Cancellation Policy
IEM reserves the right to postpone, reschedule, allocate or cancel the course. Full refund less 30% if cancellation is
received in writing more than 7 days before start date of the event. No cancellation will be accepted prior to the date
of the event. However, replacement or substitute may be made at any time with prior notification and substitute will
be charged according to membership status.