CHASE-2007 Conference on Hacking and Security
Home | Talks | Training | Register | Contests | Venue | Sponsors | Team | Archives | Press | Contact Us |
English | اردو

Call for Papers
Call for papers for CHASE-2009 is open. Please submit your papers as early as possible. Deadline is Friday September 04, 2009.

Training
There are four tracks of training available in CHASE-2009. Discount applicable if you register early. Please see details here.

International Participants
Partial or full travel funding is available for speakers coming from outside of Pakistan. FREE boarding and lodging for all the international participants. Please see details here.

Registration
If you wish to attend the talks or would like to attend the trainings, please register here as early as possible. Discount applicable if you register early.

Free Internet and Gaming
Free access to the Internet will be provided during the event. Further, there is an arrangement of bzflag gaming competition among the interested participants.

Sponsors
Open Source Resource Center - PSEB
ESecurity
Netmag
Nexlinx

Would like to sponsor?
Please click here

Mailing List
Please join our mailing list to get latest updates and information
groups.yahoo.com/group/ChaseMela/
Takhtee
An education and social project that we endorse. Please visit the page for more information.

CHASE-2009 | Conference On Hacking And Security
Friday-Tuesday, November 06-10, 2009, Lahore.

Training - 3: Web Application Hacking and Vulnerability Analysis

Training: Web Application Hacking and Vulnerability Analysis
Trainer: Mr. Muhammad Haroon and Mr. Hamza Qamar - ESecurity
Duration: One Day - Monday November 09, 2009.
Cost: See below. Discount applicable if you register early.

Early
Before September 25, 2009		 Regular 
Before October 23, 2009		 Late
After October 23, 2009.
Rs. 10,000/- Rs. 15,000/- Rs. 20,000/-

  • Lunch and two tea breaks are included.
  • At the end of training you will get:
    • Certificate of completion of training.
    • CD with all the programs and tools.
  • FREE boarding and lodging for all foreign participants.
  • Please bring your laptop when you come to attend the training session. Limited number of computers are available for those who cannot bring a laptop.
 How To Register
Please download and fill Training Registration Form and post along with payment to the address given in the form.

After you have posted the registration form, please send an electronic copy to the email address given below:

register AT chase DOT org DOT pk

A confirmation email will be sent once the post has been received. After the payment has been successfully transferred, a receipt will also be posted to your address as well which you should produce at the time of the event.

Training Overview
This training is designed to provide the participants with knowledge and understanding of web application hacking techniques and the ability to apply these techniques while performing security analysis and testing on these applications. During the training, the particpants will learn to understand the programming glitches and faults which lead to application level vulnerabilities, as well as exploitation techniques for the vulnerability presented.

This training is intended for security enthusiasts, software engineers, network administrators and potential security professionals.

It is desirable that the participants have knowledge of web application technologies, networking and SQL language.

Training Content

Main contents of this course are as following:

Introduction

  • Introduction to Application Security
  • Comparison of Infrastructure and Application Attacks
  • Training Information
  • Application Hacking Essentials
  • Application Penetration Test Methodologies
  • Understanding the HTTP Protocol
  • Application Testing Tools
Site Scanning and Probing
  • Using Automated Scanning Tools
  • Identifying Underlying Infrastructure
  • Automatic and Manual Application Mapping
Server Side Source Code Disclosure
  • Purpose of Server Side Source Disclosure
  • Known and Unknown Techniques for Disclosing Source Code
  • Analyzing Disclosed Server Side Code
File and Parameter Guessing and Enumeration
  • Identifying and Exploiting Default Files
  • Enumerating Sequential Files or Parameters
  • Guessing Weak Username and Passwords
  • Using Google Hacking
Web Authentication and Authorization Overview

Session Attacks
  • Sessions Overview
  • Session Hijacking Methods and Techniques
Cross Site Scripting
  • Introduction to Cross Site Scripting
  • Client Information Theft Using Cross Site Scripts
SQL Injection
  • SQL Injection Overview
  • Exploitation of Simple SQL Injection
  • Blindfolded SQL Injection
  • Advanced SQL Injection Techniques
Shell Injection
  • Introduction to Shells (PHP, ASP and JSP)
  • Shell Injection Using Remote File Inclusion
  • Injecting Shell by File Upload Vulnerability
  • Injecting Shell by breaking into admin panel
Trainer: Mr. Muhammad HAroon and Mr. Hamza Qamar
Mr. Muhammad HAroon is an information security professional who has over 6 years of experience in the field of network security. Apart from being an M.Sc. in computer science from Arid Agriculture University Rawalpindi, he holds CPTS (Certified Penetration Testing Specialist) and CEH (Certified Ethical Hacker) certifications. Mr. HAroon is a security consultant currently working as an offshore penetration tester for various security providers. Mr. HAroon specializes in web security with extensive experience in information, network security, penetration testing, cyber forensics, vulnerability assessment, network and wireless security and defining security policy and procedure development.

He has delivered numerous talks and presentations at various forums.

Mr. Hamza Qamar has been working in the field of information security for about 6 years. He has hands on experience with web application security assessment , network penetration and wireless network penetration. Currently, he is working with a security services provider as security consultant.




Main Sponsor

Sponsor     Sponsor

Sponsor     Sponsor
  © CHASE 2006-2009,