Security best-practice organizations such as Gartner and ICSA have indicated that 60%-70% of successful hacking attempts were web-based hacks over port 80 that exploited CGI script, web form, or web server vulnerabilities. Traditional network-based firewalls are unable to prevent or detect these types of attacks. This seminar will focus on the risks and vulnerabilities of web technologies and web applications, as well as the controls needed to mitigate weaknesses such as command injection, cookie poisoning, and SQL injection attacks. Topics that will be addressed include authentication options, cookies, form fields, data validation, and parameterized SQL. Although the focus of this seminar is on security, transaction integrity will be addressed to some extent as well. This course uses Apache as an example for assessing web server controls. Web application vulnerabilities are discussed in the context of Perl script-based applications.
o Introduction to Web Technologies
o Web Server Controls
o Web Sessions & Browser-Based Data
o Authentication and Access Controls
o SSL
o Web Privacy Issues
o Apache Web Server
o Web Application Vulnerabilities & Controls
o Preventing Web Application Hacks