
Training classes offered during SyScan'08 Singapore:
| Course Code | Course Title | Instructor | Course Fee |
| 08-01 | Securing your Oracle Database from hackers | Alexander Kornbrust | SGD$2,500 |
| 08-02 | Web Application (In) Security | NGS Software | SGD$1,500 |
| 08-03 | (Advance) Securing Your Linux Systems | Andrea Barisani | SGD$2,500 |
| 08-04 | Building Secure Wireless Network | Cédric Blancher | SGD$2,500 |
| 08-05 | Secure Application Coding | Shreeraj Shah | SGD$2,500 |
08-01 - SECURING YOUR ORACLE DATABASE FROM HACKERS
Attendees will learn the latest techniques in Oracle security (finding vulnerabilities, insecure configuration, passwords), how to analyze (custom) PL/SQL applications for vulnerabilities, and how to harden Oracle databases. Common attack techniques (Oracle rootkits and backdoors, Oracle Client attacks) and the appropriate countermeasures are also part of this training.
Pre-requisite:
Students should have at least basic knowledge of Oracle databases.
Class Outline:
Day 1
• Introduction
• Oracle Basics (Oracle Architecture, Oracle Products, Oracle Features)
• Passwords
• SQL-Injection (Database, Web, C/S)
• Hacking mod_plsql
• Google Hacking for Oracle Techniques
• Hardening Oracle Databases
• Hardening Oracle 10g R2
• Checking databases with Repscan
Day 2
• PL/SQL Programming Basics (Execute programs, read/write files)
• PL/SQL-Source-Code Analysis
• Oracle Client attacks
• IDS Evasion
• Oracle Encryption
• Oracle Rootkits & Backdoors
Instructor:
ALEXANDER KORNBRUST
Alexander Kornbrust is the founder of Red-Database-Security GmbH, a company specialised in Oracle security.
He is responsible for Oracle security audits and Oracle Antihacker training. Before that he worked for several years for Oracle Germany, Oracle Switzerland and IBM Global Services as a consultant. Alexander Kornbrust has been working with Oracle products as a DBA and developer since 1992.
During the last 6 years he has found over 200 security bugs in various Oracle products such as the database or application server.
08-02 - WEB APPLICATION (IN)SECURITY
This is a cutting-edge, hands-on course aimed at hackers who want to exploit web applications, and developers who want to know how to defend them. The course is presented by the authors of the critically-acclaimed Web Application Hacker’s Handbook, and covers the entire process of hacking a web application, from initial mapping and analysis, probing for common vulnerabilities, through to advanced exploitation techniques.
This year, the course contains more than 300 brand new lab examples, containing virtually every vulnerability that has ever been found in web applications. Even the most capable hackers will be challenged and find plenty to take away. We will also demonstrate the very latest hacking techniques developed over the past year. Some highlights include:
• exploiting SQL injection using second-order attacks, filter bypasses, query chaining and fully blind exploitation;
• breaking authentication and access control mechanisms;
• reverse engineering Java, Flash and Silverlight to bypass client-side controls;
• exploiting cross-site scripting to log keystrokes, port scan the victim’s computer and network, and execute custom payloads;
• exploiting LDAP, XPath and command injection; and
• uncovering common logic flaws found in web applications.
The course concludes with a catch-the-flag contest, where participants try out their skills against a series of challenging scenarios, with prizes for winners. Attendees are expected to be familiar with core web technologies like HTTP and JavaScript.
Pre-requisite:
The ideal delegate will have some familiarity with web application security, being familiar with terms such as Cross Site Scripting and SQL Injection even if they haven’t had the chance to exploit these fully.
This course has heavy lab content, so familiarity with common web application tools and vulnerabilities is required for full appreciation of the course.
Understanding of programming languages (especially PHP, ASP and ASP.NET) preferred.
Class Outline:
COURSE INTRODUCTION
• Course Abstract
• Course Objectives
• Course Instructors
• Course Delegates
• Course Domestics & Timetable
AN INTRODUCTION TO WEB APPLICATIONS
• The Advantages of a Web Application
• Common Uses and Configurations
• The Core Security Issue
APPLICATION STRUCTURE
• Sample Application Overview
• Input Validation
• Authentication
• Session Checking
• Privilege Management
• Administration
• Auditing and Logging
• Error Handling
TECHNOLOGIES
• J2EE
• ASP.Net
• PHP
MAPPING THE APPLICATION
• Profiling
• Determining Technologies in Use
• Dissecting a Request
• Learning the Behaviour of the Application
• Content discovery
BYPASSING CLIENT CONTROLS
• Bypassing HTML Controls
• JavaScript and VBScript
• Java
• ActiveX
• Securing Client-Side Content
AUTHENTICATION VULNERABILITIES
• Design flaws in authentication mechanisms
• Implementation flaws in authentication
• Securing authentication
VULNERABLE SESSION MANAGEMENT
• Background to session management
• Weaknesses in session token generation
• Weaknesses in session token handling
• Securing session management
BROKEN ACCESS CONTROLS
• Common vulnerabilities
• Attacking access controls
• Securing access controls
VULNERABILITIES - INJECTION
• Interpreted Languages
• SQL Injection
• LDAP Injection
• Command Injection
• XML Injection
VULNERABILITIES - LOGIC FLAWS
• Forced Browsing
• Case Study 1: Registration Bug
• Case Study 2: AOL Password Handling
• Case Study 3: Multi-Stage Login
• Case Study 4: The Memorable Word Bypass
• Case Study 5: Text Searches
• Case Study 6: Race Condition During Authentication
• Beating a Business Limit
PATH TRAVERSAL
• Common vulnerabilities
• Detecting and exploiting path traversal vulnerabilities
• Avoiding path traversal vulnerabilities
INFORMATION DISCLOSURE
• Common vulnerabilities
• Preventing information leakage
• Google Hacking
ATTACKING OTHER USERS
• Cross-Site Scripting
• Redirection attacks
• HTTP header injection
• Frame injection
• Cross-site request forgery (XSRF)
• Session fixation
• Attacking ActiveX controls
• Advanced exploitation techniques
CLASSIC VULNERABILITIES
• Classic vulnerabilities in web applications
• Buffer overflows
• Integer vulnerabilities
• Format String Bugs
FLAWS IN WEB APPLICATION ARCHITECTURE
• The Tiered Architecture
• Shared Hosting Environments
• Application Service Providers (ASPs)
• Third Party Systems
WEB SERVER FLAWS
• (Mis)Configuration
• Web Server Vulnerabilities
• Oracle Application Server
A WEB APPLICATION ASSESSMENT TOOLKIT
• Web Browsers
• Site Spiders
• Vulnerability Scanners
• Local Proxies
• Brute Forcing Tools
• Custom Toolkits
• Programming for Pentesters
BRUTE FORCING TECHNIQUES
• Targets for Brute Forcing
• Performing a brute force attack
SECURITY DEVICES
• Module Overview
• Intrusion Detection
• Application Firewalls
IDENTIFYING VULNERABILITIES IN SOURCE CODE
• Approaches to code review
• Signatures of common vulnerabilities
• Java
• ASP.NET
• PHP
• Perl
• SQL
Instructors:
MARCUS PINTO
Marcus is the author of "The Web Application Hackers Handbook: Discovering and Exploiting Security Flaws" (http://www.amazon.com/Web-Application-Hackers-Handbook-Discovering/dp/0470170778/ref=sr_1_1/002-9138979-0048858?ie=UTF8&s=books&qid=1182438884&s), published in October 2007 and co-authored with Dafydd Stuttard.
Marcus has over 5 years’ experience in providing technical, hands-on security consultancy to a diverse range of high-profile clients' web applications such as the British Ministry of Defence, High Street Banks, Financial Institutions, Telecommunications and the British National Critical Infrastructure.
In his current employment he is heavily involved with NGS’ financial sector clients. This involvement requires a strong focus on web application vulnerabilities from architectural and penetration testing approaches. This also demands an understanding of the specific vulnerabilities arising from complex, large-scale J2EE and .Net deployments to which many assessment teams are not exposed.
Marcus has experience in web application development, and has spoken at many conferences, as well as providing the original delivery and co-production of NGS’ Black Hat Database Assessment course and Web Application Course.
Before joining NGS, Marcus worked as an advisor to a Vulnerability Assessment Team in the British MoD.
DAFYDD STUTTARD
Dafydd Stuttard is a Principal Security Consultant at Next Generation Security Software, where he leads the web application security competency. He has nine years’ experience in security consulting and specializes in the penetration testing of web applications and compiled software.
Dafydd has worked with numerous banks, retailers, and other enterprises to help secure their web applications, and has provided security consulting to several software manufacturers and governments to help secure their compiled software. Dafydd is an accomplished programmer in several languages, and his interests include developing tools to facilitate all kinds of software security testing.
Dafydd has developed and presented training courses at the Black Hat security conferences around the world. Under the alias “PortSwigger” Dafydd created the popular Burp Suite of web application hacking tools.
08-03 - (ADVANCE) SECURING YOUR LINUX SYSTEMS
The course shows how to effectively implement modern hardening frameworks and techniques for securing Linux-based systems (and secondarily *NIX systems) while keeping things manageable and avoiding the usual madness and confusion often created by MAC/hardening frameworks.
The goal of this course is to teach hands-on how to deal with every aspect of installing, configuring and maintaining hardening frameworks and learning the available techniques and administration for securing Linux systems. You'll learn the different architectures, implementation details, administration procedures and issues related to all the covered frameworks as well as acquire the proper skills for maintaining and troubleshooting the hardened environment. Special focus will be given to security monitoring and auditing, policy development and maintenance and hardening systems integration with your favourite distribution / OS.
Pre-requisite:
• basic command line proficiency on *NIX systems
• basic Linux/*NIX system administration skills
• familiarity with Makefiles / autoconf usage and package compilation and installation
• familiarity with Linux kernel configuration / compilation / installation
• basic scripting skills
• Each student must bring his own laptop running a recent Linux distribution. Fedora, RHE or Gentoo/Linux are the best choices, but since the class will also focus on how to deal with these frameworks on any distribution, we won't require any of those as long as it's a modern distribution capable of compiling without problems.
• Needless to say, a working network adapter (along with an IPv4 TCP/IP stack) is required.
Class Outline:
• basic *NIX security concepts and techniques
• security monitoring with Host Intrusion Detection Systems (HIDS)
• log monitoring and correlation
• swatch / tenshi / SEC / ...
• file system integrity checkers
• aide / samhain / osiris / ...
• sensible accounts and auth token management
• One Time Passwords
• shell account security
• extended POSIX ACLs
• hardening frameworks
• PaX / ASLR / Grsecurity
• SELinux
• RSBAC
• Systrace
• GCC hardening / Stack Smashing Protection
• ELF hardening: PIE (Position Independent Executables) / PIC (Position Independent Code)
• secure backup architectures
• centralized account management with LDAP
Instructor:
ANDREA BARISANI
Andrea Barisani is a system administrator and security consultant. His professional career began 8 years ago, but it all really started when a Commodore-64 first arrived in his home when he was 10. Now, 16 years later, Andrea is having fun with large-scale IDS/Firewalls deployment and administration, forensic analysis, vulnerability assessment, penetration testing, security training and his Open Source projects. He eventually found that system and security administration are the only effective way to express his need for paranoia. He's currently involved with the Gentoo project, managing infrastructure server security as a member of the Gentoo Security and Infrastructure Teams, along with distribution development. An active member of the international Open Source and security community, he's the maintainer/author of the tenshi, ftester and openssh-lpk projects and he's been involved in the Open Source Security Testing Methodology Manual, becoming an ISECOM Core Team member. Outside the community he has been a security consultant for Italian firms and he's now the co-founder and Chief Security Engineer of Inverse Path Ltd.
08-04 - BUILDING SECURE WIRELESS NETWORKS
Wireless LANs are now widely deployed and have often introduced an explosion of security issues and unique vulnerabilities. Despite the current state of the art in wireless security, many available Wi-Fi networks are still not properly secured. Intended for both network administrators and auditors, this training will bring them up to date with state-of-the-art Wi-Fi security technologies, providing detailed background and practical hands-on exercises. At the end of this course, they will be able to integrate secure wireless environments into their existing infrastructure, and assess and maintain their security level.
Pre-requisite:
• Ethernet and TCP/IP knowledge, and experience
• 802.11 experience is a plus
This training features practical exercises that have specific prerequisites. In order to get the most out of them, students will need a laptop running Backtrack v2 Stable Release live CDROM[1] properly[2] with an injection-capable wireless adapter[3] (Atheros-based adapter strongly advised).
• [1] http://www.remote-exploit.org/backtrack.html
• [2] http://backtrack.offensive-security.com/index.php?title=HCL:Laptops
• [3] http://backtrack.offensive-security.com/index.php?title=HCL:Wireless
Class Outline:
• Quick Wi-Fi basics wrap-up
• Wi-Fi networks security assessment
• Wi-Fi security consideration through examples
• Wi-Fi networks enumeration techniques and tools
• Wi-Fi weaknesses
• Intrinsic weaknesses
• Bypassing basic security features
• WEP flaws and cracking techniques
• Applied malicious traffic injection
• Wi-Fi stations exposure
• Wireless networks assessment methodology
• From discovery to security evaluation
• Building secure Wi-Fi networks
• Wi-Fi security features
• 802.1x authentication
• Wi-Fi Protected Access
• IEEE 802.11i/WPA2
• Wi-Fi Protected Setup
• Integrating Wi-Fi within existing infrastructures
• Possible interactions
• Use cases study
• Roadmap and key points
Instructor:
Cédric Blancher
Cédric has been working for 7 years in the network security field, performing audits and penetration tests. In 2004, he joined EADS Innovation Works and now runs the Computer Security Research Lab in Suresnes, France. His research focuses on network security, wireless links and protocols security, Wi-Fi in particular. He is an active member of the Rstack team and the French Honeynet Project, with studies on honeynet containment, honeypot farms and network traffic analysis. He has delivered technical presentations and trainings worldwide, written papers and articles on network security and wrote the Wi-Fi traffic injection tool Wifitap. Cédric's website: http://sid.rstack.org/
08-05 - SECURE APPLICATION CODING
Application source code, independent of languages and platforms, is a major source of vulnerabilities. One of the CSI surveys on vulnerability distribution suggests that 64% of the time, a vulnerability crops up due to programming errors and 36% of the time, due to configuration issues. According to IBM labs, there is a possibility of at least one security issue contained in every 1,500 lines of code. To avoid these sorts of security issues, one needs to follow sound secure coding and design principles. It is also imperative to know code review methodologies and strategies to assess the quality of code before deploying to production. The course is designed by the author of "Web Hacking: Attacks and Defense", “Hacking Web Services” and “Web 2.0 Security – Defending Ajax, RIA and SOA”, bringing his experience in application security and research to the curriculum.
The Secure Coding course for Applications is a hands-on class. The class features real-life cases, hands-on exercises, code scanning tools and defense plans. Participants will be methodically taken down to the source code level and exposed to the flaws in design and coding practices. The class will then focus on the proper ways of writing secure code and analyzing the code base. This class addresses popular languages and platforms like VB/C# (.NET), Java (J2EE), PHP, ASP etc.
Target Audience:
Developers, QA team, Code reviewers, Security professionals and Managers.
Class Outline:
• Application security fundamentals: Application evolution, Layered threats, Threat models, Attack vectors and Hacker’s perspective.
• Application infrastructure overview: Protocols (HTTP/SSL), Tools for analysis, Server layers and Browsers.
• Application Architecture: Overview of .NET and J2EE application frameworks, Application layers and components, Resources and interactions, other languages.
• Advanced Web Technologies: Ajax, Rich Internet Applications (RIA) and Web Services.
• Application attack vectors and detailed understanding: SQL injection, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Path traversal, Session hijacking, LDAP/XPATH/Command injection, Buffer overflow, Input validation bypassing, Database hacks, Ajax exploits, Web Services attack vectors, Decompiling assemblies and many more.
• Principles of Secure Coding: Fundamentals, Controls and Strategies.
• Key security aspects: Authentication, Authorization, Session management, Crypto usage and Error handling.
• Defense plans: Secure objects, functions and wrappings
• Code review methodologies: Spidering the code, enumerating blocks, identifying modules.
• Scanning for vulnerabilities: Function and Method signature mapping, entry point identification, data access layer calls, tracing variables and functions.
• Applying validations: Input validations, Output validations, Data access filtering, and Authentication validates.
• XML and Web Services: SOAP, XML-RPC and REST-based attacks and secure coding.
• Client side coding: Ajax and JavaScript analysis, Flash based application reviews and Browser security.
• Exposure to various tools and cases.
Hands-on:
All concepts taught in this class are punctuated with hands-on exercises based on situations observed in real life. The class ends with a challenge exercise. Working within a limited time period, participants are expected to analyze the code, identify loopholes, exploit vulnerabilities present in the applications and suggest appropriate defense strategies.
Application Security Fundamentals and Principles
• The evolution of applications
• Threats to an application
• Application security trends
• The spectrum of application security attacks
Application Components and Protocols
• Understanding multi-layered application architecture
• Programming languages used in applications – J2EE, .NET, PHP, etc.
• Inside HTTP
• HTML forms and browser interaction
• Introduction to tools useful for testing applications
Front-end servers
• Web Server configuration
• Web server vulnerabilities
• Fingerprinting web servers and application servers
• Security controls pertaining to web servers and their deployment
Application Attack Vectors
• Mapping assets to attacks
• Sifting through HTML source
• Forcing application layer errors
• Information leakage through error messages
• Source code disclosure
• Input tampering and input validation attacks
• SQL injection and attacks on the database
• Injecting malicious code and remote command execution
• Accessing the underlying file system
• Brute forcing HTTP authentication
• Brute forcing HTML form authentication
• Session Hijacking
• Cross Site Scripting (XSS) attacks
• Cross Site Request Forgery (XSRF) attacks
AJAX and Web Services Components and Protocols
• Web 2.0 application components
• Programming languages used in web 2.0 applications
• Inside the Web Services stack
• Understanding XML, WSDL, SOAP and UDDI protocols
Threat Modeling
• Threat analysis
• Architecture review
• Technologies and Source Code
• Threat matrix
• Security controls for code
• Design analysis and review
Source Code Analysis
• Entry points detection
• Tracing and Digging
• Function and Component dissecting
• Threat and Impact analysis
Vulnerability Detection and Countermeasures
• Authentication
• Authorization
• SQL and XSS
• Session Management
• Client side
• Web 2.0 component vulnerabilities (RSS, Mashups, Widgets etc.)
• Etc.
Securing Code
• Input validations
• Error handling
• Session hardening
• Logs and Tracing
• Traps for hackers
• Assembly hardening
• Guarding application code
Libraries and Approaches
• Security libraries
• Integration for .NET and J2EE
• SDLC approach
• Security in the process
• Standards and best practices
Advanced attacks and defense
• XPATH injection
• XML and Schema poisoning
• Blind SQL injection
• XSS proxy attacks
• Browser hijacking
• Intranet scanning
• Javascript exploitation
Instructor:
SHREERAJ SHAH
Shreeraj Shah, B.E., MSCS, MBA, is the founder of Blueinfy, a company that provides application security services. Prior to founding Blueinfy, he was founder and board member at Net Square. He also worked with Foundstone (McAfee), Chase Manhattan Bank and IBM in the security space. He is also the author of popular books like Web 2.0 Security (Thomson 07), Hacking Web Services (Thomson 06) and Web Hacking: Attacks and Defense (Addison-Wesley 03). In addition, he has published several advisories, tools, and whitepapers, and has presented at numerous conferences including RSA, AusCERT, InfosecWorld (Misti), HackInTheBox, Blackhat, OSCON, Bellua, Syscan, ISACA etc. His articles are regularly published on Securityfocus, InformIT, DevX, O’Reilly, HNS. He has been quoted as an expert on BBC, Dark Reading and Bank Technology.
Shreeraj was instrumental in product development, researching new methodologies and training designs. He has performed several security consulting assignments in the area of penetration testing, code reviews, web application assessments, security architecture reviews and managing projects. Blog: http://shreeraj.blogspot.com











