Advanced Application Security

Crafting Robust Defensive Codes
Course Description

The Advanced Application Security course is a three-day intensive course centered on thwarting attackers by writing your code defensively.

In this course, participants will discuss and learn new techniques for case-hardening applications from within. Participants will attack web applications, off-the-shelf binary applications and popular runtimes such as .NET, Java and even Adobe AIR (in a legal and ethical way), learn where mistakes were made, and ensure that every aspect of the principles of application security is in order.

Participants will understand how perpetrators turn off things like DEP and ASLR.
As an example: because DLLs most typically load from a known location, we will deal with what are called return-oriented programming (ROP) gadgets. This is the concept where perpetrators jump to the end of a subroutine in that DLL; the subroutine then finishes and returns to the caller, that is, to them.

By cleverly using these so-called “tails of existing code”, they also avoid DEP, Data Execution Prevention, because they are not executing data; they are actually executing code. They are executing Microsoft’s code, but certainly in a way that Microsoft never intended. All of this will help participants recognize some of the most common mistakes made during the development lifecycle.

Who should attend

Application developers, software programmers, and anyone who has had experience with hacking and pen testing and has to defend against these types of attacks should attend.

NOTE: This is NOT a course for beginners. 50% of the class is hands-on coding labs. Participants must have some programming experience. The course is NOT language-specific, although program logic is an absolute must-have. This course is not suitable for those who have no programming experience at all.

Pre-requisites

Students must be familiar with IT security best practices and have a good understanding of programming logic, common web technologies and binary applications:
  • Basic Windows administration for servers and workstations
  • Basic Linux/*NIX system administration skills
  • Basic command line proficiency on both Windows and *NIX systems

Benefits

We will take a deep dive into today’s latest risks in the programming environment: what today’s prevention tools are, how new attacks try to infiltrate your environment and, lastly and probably most importantly, how to stop them in their tracks.

Course Outline
Module 1: Advanced Fuzzing Technology
Module 2: Programming to defend against Attacking from the outside (Over the Web)
Module 3: Programming to defend against Attacking From the Inside – Binary Bypassing Antivirus
Module 4: Programming to defend against Attacking From the Same LAN, vLan or Network Segment
Module 5: Programming to defend against Cryptographic Errors
Module 6: SQL – Database Rootkits


Instructor
Tim Pierson

Dates
October 26 – 28, 2012

Pricing
Register and pay by May 31, 2012: $2799
Register and pay by August 31, 2012: $3199
Register and pay after September 1, 2012: $3399

Class Capacity
25

You will get this:
  1. Official CAST Courseware
  2. Complimentary pass to the Hacker Halted conference (inclusive of party entrance pass).
  3. Lunch and coffee breaks throughout the duration of the training.
  4. Certificate of Attendance

