CAST 613 - Advanced Application Security

Advanced Application Security Course


 
 
 
 



 

 

A course designed with the advanced programmer in mind: more than 50% of the class is hands-on coding labs, so every student must have programming experience. The course is NOT language-specific, but a solid grasp of program logic is an absolute requirement.

 


This three-day, highly specialized course delves into writing efficient and effective defensive code: thwarting attackers by applying carefully selected techniques that case-harden your application from within.
Step into the world of a technical trainer with 23 years of experience who delivers an in-depth analysis of popular vulnerabilities and then maps each one back to the languages in which it applies. See real-life attacks launched (legally and ethically) against web applications, off-the-shelf binary applications and popular runtimes such as .NET, Java and even Adobe AIR, and learn where the mistakes were made so you can make sure your own house is in order.

Tim Pierson - Advanced Application Security Trainer

Tim Pierson is one of the world’s leading trainers in networking and security technology, with credentials that include ongoing selection to author training courses and manuals for global corporations. He conducts high-level security evaluations and delivers seminars at professional conventions, and he has an exceptional ability to communicate sophisticated information to both technical and non-technical audiences.
Tim has been a technical trainer for the past 23 years and is an industry leader in both security and virtualization. He has been a noted speaker at many industry events, including lectures at the Savannah River and Los Alamos nuclear facilities, Innotech and GISSA, and at many military venues, including the Pentagon and numerous military facilities in the US and Europe, among them army bases in Germany and Belgium, addressing security for both US and foreign military organizations.
Tim is currently Senior Consultant and Trainer at Data Sentry, Inc., with special responsibility for initiating, developing and validating training programs on current security practices and procedures. He possesses formidable knowledge in these areas, and the years ahead will see him transcribe that know-how into many certification training classes, often completing self-certification on new and emerging products before teaching or writing courseware or books on them.
Tim’s training stints have taken him to most major US cities, Europe and Asia. Exposure to a wide variety of students and audiences has given him the added advantage of being able to pitch his delivery at the appropriate level, so it is not surprising that he consistently receives accolades testifying to his training prowess.
Tim’s projects include being a contributing author of “VMware Virtual Infrastructure Security: Securing ESX and the Virtual Environment”. He has also contributed to the bi-monthly Virtualization Security Roundtable podcast, available as a download on iTunes and TalkShoe, and was a featured speaker on secure coding and virtualization practices at Hacker Halted in Miami in September 2009 and at Hacker Halted in Kuala Lumpur, Malaysia, in November 2009.
Students completing this course will gain in-depth knowledge in the following areas:
  • SSL – Compelled Certificate Injection
  • SSL – Renegotiation
  • CRL – Libraries
  • SQL Root Kits
  • XSS to the Max!
  • Fuzzing Techniques (most programmers are not at all familiar with fuzzing, but their code should indeed be fuzzed)
Fuzzing defined: throwing every type of input you possibly can at an application to try to make it “hiccup”. If it does hiccup with a GPF (General Protection Fault) or, worse, a Blue Screen (meaning we have reached the kernel), we explore further to find out what caused it and whether it can be turned into code execution or a denial of service.

1. Advanced Fuzzing Technology

  • Making the application "hiccup"
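The definition above in working form, as an added example written for this page (it is not CAST courseware): a small mutation fuzzer, a crash detector that separates the target’s graceful rejections from real “hiccups”, and a minimiser that shrinks a crashing input to the few bytes a developer needs. The target parser, its planted length-trust bug and the seed corpus are all constructed for the demonstration; in a managed runtime the analogue of the GPF is an unhandled exception, which is what this harness hunts.

```python
"""Mutation fuzzer, crash bucketing and input minimisation against a
constructed toy parser.  Example code for this page, not CAST courseware."""
import random
import traceback

# Exceptions the target is *allowed* to raise on bad input (its graceful path).
# Anything else is the managed-runtime analogue of the GPF described above.
EXPECTED = (ValueError,)


def parse_record(data: bytes) -> dict:
    """Constructed target: tag byte, length byte, payload.  Tag 0x02 carries a
    planted bug: it trusts the declared length instead of the bytes present."""
    if len(data) < 2:
        raise ValueError("short header")          # graceful rejection
    tag, length = data[0], data[1]
    payload = data[2:2 + length]
    if tag == 0x02:
        buf = bytearray(16)
        for i in range(length):                    # BUG: length is attacker-controlled
            buf[i] = payload[i]                    # IndexError here is the "hiccup"
        return {"tag": tag, "payload": bytes(buf[:length])}
    return {"tag": tag, "payload": payload}


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """One random mutation: bit flip, insert, delete, or boundary-value overwrite."""
    data = bytearray(seed)
    op = rng.choice(("flip", "insert", "delete", "boundary"))
    if op == "insert" or not data:
        data.insert(rng.randrange(len(data) + 1), rng.randrange(256))
    elif op == "flip":
        data[rng.randrange(len(data))] ^= 1 << rng.randrange(8)
    elif op == "delete":
        del data[rng.randrange(len(data))]
    else:
        data[rng.randrange(len(data))] = rng.choice((0x00, 0x01, 0x7F, 0x80, 0xFF))
    return bytes(data)


def run_once(target, data: bytes):
    """Return None if the input was handled cleanly, else a crash bucket
    (exception type, line number) so duplicate crashes collapse to one finding."""
    try:
        target(data)
    except EXPECTED:
        return None
    except Exception as exc:                       # unexpected: record where it died
        frame = traceback.extract_tb(exc.__traceback__)[-1]
        return (type(exc).__name__, frame.lineno)
    return None


def fuzz(target, corpus, iterations=2000, seed=1):
    """Mutate seeds from the corpus and keep the first input seen per crash bucket."""
    rng = random.Random(seed)                      # fixed seed: reproducible runs
    crashes = {}
    for _ in range(iterations):
        data = mutate(rng.choice(corpus), rng)
        bucket = run_once(target, data)
        if bucket and bucket not in crashes:
            crashes[bucket] = data
    return crashes


def minimize(target, data: bytes) -> bytes:
    """Shrink a crashing input by dropping single bytes while the same crash
    bucket persists; the result is what you hand to the developer."""
    bucket = run_once(target, data)
    changed = True
    while changed:
        changed = False
        for i in range(len(data)):
            candidate = data[:i] + data[i + 1:]
            if run_once(target, candidate) == bucket:
                data, changed = candidate, True
                break
    return data


# Constructed seed corpus: one well-formed record per tag.
CORPUS = [b"\x01\x03abc", b"\x02\x05hello"]

if __name__ == "__main__":
    for bucket, data in fuzz(parse_record, CORPUS).items():
        print(bucket, data, "->", minimize(parse_record, data))
```

Two design points carry over to real targets: bucketing by exception type and location (in native code, by faulting address and stack) keeps a thousand crashes from looking like a thousand bugs, and minimising before triage turns a 300-byte mutated file into the two bytes that actually matter.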

2. Programming to defend against attacks from the outside (over the web)

  • XSS on Steroids - HOL
  • XSRF – the newest dangers - HOL
  • Clickjacking - HOL
  • Filter, Filter, Filter - HOL
  • Learn new techniques for sanitizing input that actually work!
  • The Bank Robber in the Vault scenario

3. Programming to defend against attacks from the inside – binaries that bypass antivirus

  • Packing Binaries
  • Crypting Binaries

4a. Programming to defend against attacks from the same LAN, VLAN or network segment

  • ARP cache poisoning
  • DNS poisoning and redirection techniques
  • Route table poisoning

4b. Programming techniques to defend against MITM attacks of all kinds

  • MITM techniques
  • Quick overview of popular tools
  • Programmer’s RISK SHEET checklist!

5. Programming to defend against cryptographic errors

  • SSL – the ugly truth: how it can help and hurt you, and how to use libraries properly to ensure you are protected
  • Don’t let the user make security decisions
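An added example for the two SSL items above, written for this page with the Python standard library (it is not CAST courseware): the client context a hurried developer builds to “make the certificate error go away”, the context that actually protects the connection, an audit function you can run over every SSLContext in a code base, and a connect helper that treats a failed certificate check as fatal instead of falling back or asking the user.

```python
"""TLS client contexts: the insecure shortcut, the hardened default, and an
audit that tells them apart.  Example code for this page, not CAST courseware."""
import socket
import ssl


def insecure_context() -> ssl.SSLContext:
    """Constructed 'before': no hostname check, no chain validation.  This
    protects against a passive eavesdropper only; any MITM on the path wins."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must come first, or CERT_NONE is refused
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context(cafile=None) -> ssl.SSLContext:
    """Correct use of the library: validated chain, hostname match, TLS 1.2+.
    Pass cafile to trust only a private CA instead of the whole system store."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return the weaknesses found in a context; an empty list means it passes."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified (verify_mode != CERT_REQUIRED)")
    if not ctx.check_hostname:
        findings.append("hostname is not matched against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol floor below TLS 1.2")
    return findings


def connect_no_fallback(host: str, port: int, ctx: ssl.SSLContext, timeout: float = 5.0):
    """Open a TLS connection and treat a verification failure as fatal.  The
    anti-pattern this replaces catches SSLCertVerificationError and retries
    with insecure_context(), or prompts the user to 'continue anyway': that
    hands the security decision to the party least able to make it."""
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        return ctx.wrap_socket(raw, server_hostname=host)
    except ssl.SSLCertVerificationError as exc:
        raw.close()
        raise RuntimeError(f"refusing {host}:{port}: certificate verification failed ({exc})") from exc


if __name__ == "__main__":
    print("insecure:", audit_context(insecure_context()))
    print("hardened:", audit_context(hardened_context()))
```

The order of the two assignments in insecure_context() is itself a hint from the library: Python refuses to set CERT_NONE while check_hostname is still on, so disabling verification takes two deliberate steps, and a code search for check_hostname = False is a cheap way to find every place someone took them.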

6. SQL – Database Rootkits

  • Ask the database a question (query)...
  • ...but receive back what the attacker wants you to receive back - HOL
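An added example for module 6, written for this page (not CAST courseware), that reproduces the “ask a question, receive the attacker’s answer” effect in an in-memory SQLite database. SQLite resolves an unqualified table name in the TEMP schema before main, so an attacker who can run DDL on the application’s connection can shadow a real table; server databases offer the same effect through synonyms, views or search-path manipulation. The schema, data and attacker step are constructed, and the shadowing mechanism shown is SQLite-specific.

```python
"""Table shadowing as a database rootkit, with the query that is fooled, the
query that is not, and a detection check.  Example code for this page, not
CAST courseware."""
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Constructed application schema and data."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE users(name TEXT NOT NULL, role TEXT NOT NULL);
        INSERT INTO users VALUES ('alice', 'admin'), ('bob', 'user'), ('mallory', 'user');
    """)
    return con


def install_shadow(con: sqlite3.Connection) -> None:
    """Attacker step (constructed): a TEMP table with the same name hides
    mallory's account from every query that does not schema-qualify 'users'.
    Inside this script the unqualified INSERT already lands in the shadow."""
    con.executescript("""
        CREATE TEMP TABLE users(name TEXT NOT NULL, role TEXT NOT NULL);
        INSERT INTO users SELECT name, role FROM main.users WHERE name <> 'mallory';
    """)


def list_users(con: sqlite3.Connection, qualified: bool = False) -> list:
    """The application's query.  Unqualified: answered by whichever 'users'
    wins name resolution.  Qualified: always the real table.  The table name
    comes from a fixed pair of literals here, never from user input."""
    table = "main.users" if qualified else "users"
    return [row[0] for row in con.execute(f"SELECT name FROM {table} ORDER BY name")]


def find_shadowed_objects(con: sqlite3.Connection) -> list:
    """Detection: any object whose name exists in both the TEMP schema and
    main is standing in front of something the application thinks it queries."""
    return con.execute("""
        SELECT t.type, t.name
        FROM sqlite_temp_master AS t
        JOIN main.sqlite_master AS m ON m.name = t.name
        ORDER BY t.name
    """).fetchall()


if __name__ == "__main__":
    con = setup_db()
    print("before:", list_users(con), find_shadowed_objects(con))
    install_shadow(con)
    print("after (unqualified):", list_users(con))
    print("after (qualified):  ", list_users(con, qualified=True))
    print("shadowed objects:   ", find_shadowed_objects(con))
```

The two defensive habits the example demonstrates carry over to any engine: reference schema-qualified names from application code, and baseline the data dictionary (here sqlite_master and sqlite_temp_master) so that an object appearing in a higher-priority schema than the one you expect is an alert, not a surprise at audit time.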

Appendix: Handy Definitions and Examples Checklist with Examples for Programmers for each Attack and Weakness

How will this course benefit you?

If you have taken secure coding courses in the past, this course is a step above them, addressing topics those courses do not cover or practice, such as:
  • An in-depth look at today’s latest risks in the programming environment
  • What today’s prevention tools are, and how new attacks are being executed to infiltrate your environment
  • How to stop these attacks in their tracks
  • Advanced fuzzing technology
  • Programming techniques to defend against MITM attacks of all kinds
  • SQL database rootkits




Practically any information security professional responsible for handling important data would find this course beneficial, for example in:

  • Government agencies
  • Universities
  • Hospitality
  • Retail
  • Banking and Financial institutions
  • Brokerage and Trading firms
  • Insurance
  • Scientific institutions & research agencies
  • Telecommunication
  • Computer design firms
  • Consulting firms
  • Science and Engineering firms
  • Those involved with online related businesses & transactions
  • Card related businesses

NOTE: Students must be familiar with IT security best practices and have a good understanding of programming logic, common web technologies and binary applications, together with:

  • Basic Windows administration for servers and workstations
  • Basic Linux/NIX system administration skill
  • Basic command line proficiency on both Windows and NIX systems

CAST On-site provides personalised Advanced Security Courses to meet the needs of the individual or company, planned for maximum flexibility in logistics, dates and cost. Our certified expert trainers are experienced educators and highly knowledgeable in their respective fields. CAST On-site applies strict quality control at all times to ensure that clients receive the highest standard of training and service.
CAST On-site training is designed to add great value to your workforce by increasing staff efficiency and skills, ensuring improved productivity and output that far exceeds the initial training costs.

Key features of CAST On-site:

  • Each course selected from the CAST Advanced Training Suite is specifically designed to meet the needs of each individual, based on their current skills and pace of learning, and your organisation’s unique objectives and goals
  • CAST On-site expert trainers are flown to the premises of your choice on a date that suits you
  • CAST On-site allows students to receive training in more manageable sessions spread over several days, allowing greater absorption of knowledge and an opportunity to practise and verify new skills after each session before starting the next
  • With CAST On-site Advanced Security courses, students can converse directly with the chosen expert on matters unique to the student and your organisation
  • You can rest assured that all challenges and objectives pertaining to your organisation’s goals can be discussed in an environment of complete confidentiality
  • Each client receives the required high level of training, benchmarked to international best practice and standards
  • Each student receives the CAST Advanced Security Training courseware, allowing them to follow and revise the material that has been taught
  • Upon completion of the course, each student receives a CAST On-site Advanced Security Training certificate of attendance

Enquire Online About Advanced Security Training Programs

We at CAST would like to hear from you


If you have questions, comments or feedback for us, please send us a message using the form below or email us at cast@eccouncil.org
For more information and news updates, connect with us via Social Media or our Mailing List.
We look forward to hearing from you!

CAST General Enquiry Form