CAST 613 Hacking and Hardening your Corporate WebApplication

1. Introduction2. Cryptography Decrypted- Introduction3. Account Management – The Key to it all?4. Parameter Diddling5. Transport Layer Protection – Safety During the Commute6. Cross Site Scripting (XSS) – Truth Is I just do what I am told7. Cookies – Not Just for Hansel and Gretel8. Internal Implementation Disclosure – What’s going on inside the Beast9. SQL Injection – SQL Injection- What’s a Command, What’s Data?10. Cross Site Attacks – Same Origin Policy. Everyone Else Breaks it why shouldn’t we? What you will learn: Much thought was put into the course to be sure it worked and could be taught as a language agnostic course providing both the developer as well as management types to be exposed to how their own web site/web app could be compromised.The course will require no special pen testing tools that are normally used during a course similar to this. The author expects that you simply understand program logic. And if you know development techniques and have an architecture background you will walk away with a heightened sense of awareness about the things you do on a day to day basis.Regardless if you are the developer, the architect or even the project manager each will walk away with an astonishing clarity of how things could be easily improved and secured. To get the most from the course all participants should have at least some programming experience.This course is NOT language specific although program logic and design concepts both are an absolute must have! Most of the entire course will be not only enlightening but also entertaining and easily well worth the time allocated to take. You will instantly _nd yourself suggesting this course to other developers, project managers and architects on your team and at your company!