
Training classes offered during SyScan'09 Singapore:
| Course Code | Course Title | Instructor | Course Fee |
| 09-01 | Web Application Security – Threats & Countermeasures | Shreeraj Shah, Vimal Patel | SGD$2,000 |
| 09-02 | Java/JEE security | Marc Schönefeld | SGD$1,500 |
| 09-04 | Writing Windows Shellcode | Dave Aitel | SGD$2,000 |
| 09-05 | Building a Secure Wireless Network | Cédric Blancher | SGD$2,000 |
09-01 - Web Application Security – Threats & Countermeasures
The introduction and adoption of new technologies like Ajax, Rich Internet Applications and Web Services have changed the dimension of Application Hacking. We are witnessing new ways of hacking web-based applications, and securing them requires a better understanding of the technologies involved. The only constant in this space is change. In this dynamically changing scenario in the era of Web 2.0, it is important to understand new threats as they emerge in order to build constructive strategies to protect corporate application assets. Application layers are evolving, and a lot of client-side attack vectors are on the rise, like Ajax-based XSS, CSRF, Widget injections, RSS exploits, Mashup manipulations and client-side logic exploitations. At the same time, various new attack vectors are evolving around SOA by attacking SOAP, XML-RPC and REST. It is time to understand these advanced attack vectors and defense strategies.
The course is designed by the author of "Web Hacking: Attacks and Defense", "Hacking Web Services" and "Web 2.0 Security – Defending Ajax, RIA and SOA", who brings his experience in application security and research into the curriculum to address new challenges. Application Security is a hands-on class. The class features real-life cases, hands-on exercises, new scanning tools and defense mechanisms. Participants will be methodically exposed to various attack vectors and exploits. In the class, the instructor will explain new tools like wsScanner, scanweb2.0, AppMap, AppCodeScan etc. for better pen-testing and application audits.
Target Audience:
Security Managers, Security Consultants and Auditors, Administrators, Developers, QA team and Code reviewers
Hands-on:
All concepts taught in this class are punctuated with hands-on exercises based on situations observed in real life. The class ends with a challenge exercise. Working within a limited time period, participants are expected to analyze the code, identify loopholes, exploit vulnerabilities present in the applications and suggest appropriate defense strategies.
Application Security Fundamentals and Principles - The evolution of applications, threats to an application, application security trends, the spectrum of application security attacks
Application Components and Protocols - Understanding multi-layered application architecture, programming languages used in applications – J2EE, .NET, PHP, etc., inside HTTP, HTML forms and browser interaction, introduction to tools useful for testing applications, Web Server configuration, web server vulnerabilities, fingerprinting web servers and application servers, security controls pertaining to web servers and their deployment
Application Footprinting, discovery and profiling applications - Host and Domain discovery, discovering web applications and interfaces, discovering the functional structure of applications – the hacker's viewpoint, Advanced techniques, Discovering Web services and Web applications, Profiling Web services and applications, Ajax fingerprinting, Profiling Ajax applications and Server-side entry point detection
Application Attack Vectors - Mapping assets to attacks, sifting through HTML source, forcing application layer errors, information leakage through error messages, source code disclosure, input tampering and input validation attacks, SQL injection and attacks on the database, injecting malicious code and remote command exec, accessing the underlying file system, brute forcing HTTP authentication, Brute Forcing HTML form authentication, Session Hijacking, Cross Site Scripting (XSS) attacks, Cross Site Request Forgery (XSRF) attacks
Threat Modeling - Threat analysis, Architecture review, Technologies and Source Code, Threat matrix, Security controls for code, Design analysis and review
Assessment methods - Blackbox, Whitebox, analyzing configuration and deployment issues, Reconnaissance and Vulnerability Assessment, Fingerprinting Web servers and Architectures, Defense strategies - Minimizing the window of opportunity, Leveraging Web mashups and search APIs
Application Attack countermeasures - Security by design, The importance of application security controls in the software development life cycle, Secure coding practices, Protecting data at rest and data in transit, Client side security
An Introduction to Advanced Application Architectures - Refreshing classic application security threats and vulnerabilities, Evolution of application architectures, Web services, SOAP and AJAX, Security model for next generation application architectures, Web Services and SOAP, XML-RPC, AJAX enriched clients, New tools and techniques for attacking advanced application architectures
Advanced Web attacks - XPATH injection, XML and Schema poisoning, Blind SQL injection, XSS proxy attacks, Browser hijacking, Intranet scanning, Javascript exploitation
Whitebox Analysis - Entry points detection, Tracing and Digging, Function and Component dissecting, Threat and Impact analysis
Securing Code & Defense - Fundamentals, Controls and Strategies, Input validations, Error handling, Session hardening, Logs and Tracing, Traps for hackers, Assembly hardening, Guarding application code, Fundamentals, Controls and Strategies
XML and Web Services - SOAP, XML-RPC and REST based attacks and security.
Web Fuzzing & Exploits - Web application entry points, the art of fault injection, Exploit framework – Metasploit, Exploiting SQL injection points, Building exploits and launching them effectively
Client side coding - Ajax and JavaScript analysis, Flash based application reviews and Browser security.
Instructors:
Shreeraj Shah
Shreeraj Shah, B.E., MSCS, MBA, is the founder of Blueinfy, a company that provides application security services. Prior to founding Blueinfy, he was founder and board member at Net Square. He also worked with Foundstone (McAfee), Chase Manhattan Bank and IBM in the security space. He is also the author of popular books like Web 2.0 Security (Thomson 07), Hacking Web Services (Thomson 06) and Web Hacking: Attacks and Defense (Addison-Wesley 03). In addition, he has published several advisories, tools, and whitepapers, and has presented at numerous conferences including RSA, AusCERT, InfosecWorld (Misti), HackInTheBox, Blackhat, OSCON, Bellua, SyScan, ISACA etc. His articles are regularly published on Securityfocus, InformIT, DevX, O'Reilly, HNS. He has been quoted as an expert on BBC, Dark Reading and Bank Technology.
Blog: http://shreeraj.blogspot.com
Vimal Patel
Vimal Patel is founder of Blueinfy, a company that provides products and services for application security. Vimal leads research and product development efforts at Blueinfy.
Prior to founding Blueinfy, he held the position of Vice President at Citigroup, where he led architecture, design and development of various financial applications. Vimal holds a Master's in Computer Science. Vimal has over a decade of experience and expertise in many technologies. His experience ranges from design of complex digital circuits and microcontroller-based products to enterprise applications.
09-02 - Java / JEE Security
JEE is known as a framework to build Java business applications. Vulnerabilities in these applications are on the one hand introduced by the software, and on the other hand, and more likely, created by the application developers. For a complete JEE security audit it is therefore more important to build up the skill to "feel" the attack surface than to just apply pre-built exploits that only expose framework bugs.
This class starts by describing the important parameters that define the attack surface, such as dangerous code patterns, configuration settings and reasonable secure defaults. Examples of real-life vulnerabilities are used to introduce the participants to the experience that simple bugs are able to create holes; we cover both perspectives, the bug and the fix. The curriculum goes on to present, and train the use of, the tool set necessary to spot vulnerable code parts. We present techniques such as code skim reading, binary scanning, reverse engineering and interpreting the hidden security message of harmless-looking heap, thread and stack dumps.
The trainer has been involved with the deeper details of Java security for about seven years and showed the success of the presented method by finding a large range of CVE relevant vulnerabilities. This class does not require prior knowledge of the Java bytecode set, but a deeper understanding of how JVMs work, mixed with creativity, is very helpful to transfer the presented techniques into personal success.
The examples and exercises shown in this class cover Apache Tomcat, Apache Geronimo and Sun GlassFish.
The topics presented are:
• The Java architecture, JVMs and bytecode
• The Java security model
• Secure programming in a nutshell
• Java vulnerabilities, how they differ from C-type bugs
• The JEE architecture
• Open holes in JEE, how to spot them
• How to harden a JEE server
• Tools and toys to prepare and conduct JEE pentests
• Writing self-assessment clients
• Short excursion to web security, XSS and XSRF, how to spot and prevent in JEE
• Examples, examples, ...
Instructor:
Marc Schönefeld
Marc Schönefeld has been involved with the deeper details of Java security for about seven years and showed the success of the presented method by finding a large range of CVE relevant vulnerabilities.
After having worked in banking IT for 10 years, he moved to a large operating system vendor to identify and prevent vulnerable parts in open source Java distributions. He has spoken at major conferences such as Blackhat, RSA, XCon, HackInTheBox and PacSec.
2002: Blackhat Security Aspects Bytecode Engineering
2003: Java Vulnerabilities, joint paper with iDefense
2003: Java Vulnerabilities (shown at RSA Europe)
2004: D-A-CH Security: Java Side-Channel attacks
2004: DIMVA: Java Vulnerabilities
2004: Second place in RSA European Security Award
2005: RSA USA, Java Security Antipatterns (=> Bellua, Xcon, HITB)
2006: DIMVA: Practical Impact of Java Security Antipatterns (=> Blackhat, Xcon, HITB, WebSec)
2006: PacSec: Security Aspects of .NET WCF
2007: PacSec: Intellectual Property Protection in Java and JEE
09-04 - Writing Windows Shellcode
Immunity proposes teaching its 2-day "Writing Windows Shellcode" class. This class will not require the use of any commercial (pay for) software tools, making it easy to deliver to students of all backgrounds.
A two-day class that introduces the student to the black art of shellcode writing. It covers simple to state-of-the-art shellcode in Windows, taught in a mostly hands-on, lab-oriented fashion.
Day 1
• Introduction to i386 assembler for shellcode writers.
• Immunity Debugger Basics
• MOSDEF Usage
• Shellcode theory
• Basic Shellcodes
- Connect Back
- Port Binding
- Command execution
- HTTP Download and Execute
Day 2
• Encoders:
- Basics
- Writing your own
• Advanced Shellcodes
- Inject into Process
- Fork and Load
- Tricks from the field
Instructor:
Dave Aitel
The Founder and CTO of Immunity, Dave Aitel, was a consultant with @stake and a research scientist with the National Security Agency. Dave's background lies in Linux and Unix systems. His focus changed to Windows exploitation after founding Immunity, and in more recent years has expanded to include web applications and engine development for CANVAS such as MOSDEF, the engine's C compiler. Dave continues to write CANVAS exploits and conduct security research while leading the technical team and product and service direction at Immunity. He oversees all technical projects at Immunity.
09-05 - Building a Secure Wireless Network
Wireless LANs are now widely deployed and have often introduced an explosion of security issues and unique vulnerabilities. Despite today's state of the art in wireless security, a lot of available Wi-Fi networks still appear not to be properly secured. Intended for both network administrators and auditors, this training will bring them up to date with state-of-the-art Wi-Fi security technologies, providing detailed background and practical hands-on exercises. At the end of this course, they will be able to integrate secure wireless environments into their existing infrastructure, and assess and maintain their security level.
Pre-requisite:
• Ethernet and TCP/IP knowledge, and experience
• 802.11 experience is a plus
This training features practical exercises that need specific prerequisites. In order to get the most out of them, students will need a laptop running Backtrack v2 Stable Release live CDROM[1] properly[2] with an injection capable wireless adapter[3] (Atheros based adapter strongly advised).
• [1] http://www.remote-exploit.org/backtrack.html
• [2] http://backtrack.offensive-security.com/index.php?title=HCL:Laptops
• [3] http://backtrack.offensive-security.com/index.php?title=HCL:Wireless
Class Outline:
• Quick Wi-Fi basics wrap-up
• Wi-Fi networks security assessment
• Wi-Fi security consideration through examples
• Wi-Fi networks enumeration techniques and tools
• Wi-Fi weaknesses
• Intrinsic weaknesses
• Bypassing basic security features
• WEP flaws and cracking techniques
• Applied malicious traffic injection
• Wi-Fi stations exposure
• Wireless networks assessment methodology
• From discovery to security evaluation
• Building secure Wi-Fi networks
• Wi-Fi security features
• 802.1x authentication
• Wi-Fi Protected Access
• IEEE 802.11i/WPA2
• Wi-Fi Protected Setup
• Integrating Wi-Fi within existing infrastructures
• Possible interactions
• Use cases study
• Roadmap and key points
Instructor:
Cédric Blancher
Cédric has been working for 7 years in the network security field, performing audits and penetration tests. In 2004, he joined EADS Innovation Works and now runs the Computer Security Research Lab in Suresnes, France. His research focuses on network security, wireless links and protocols security, Wi-Fi in particular. He is an active member of Rstack team and French Honeynet Project with studies on honeynet containment, honeypot farms and network traffic analysis. He has delivered technical presentations and trainings worldwide, written papers and articles on network security and wrote the Wi-Fi traffic injection tool Wifitap. Cédric's website: http://sid.rstack.org/











