Black Hat AsiaTraining 2003
The Marina Mandarin Hotel, Singapore

All course materials, lunch and two coffee breaks will be provided. A Black Hat Certificate of Completion will be offered.

REGISTER NOW

Overview:
“It is 9 p.m. Your company's web store application is broken, and incidentally, tomorrow is the launch date of the company's web store. The media is waiting, and so is your board of directors. You need to fix it by 5 a.m. to make the 7 a.m. launch deadline. FIND OUT WHAT IS WRONG, AND FIX IT.”

The course gives the students an overview of web application security, by first having them find the security holes with a web application modeled on a real life example, and then take the necessary steps to secure it, from various aspects.

Key Learning Objectives:

• Problems that occur when developing a web application.
• Security issues when deploying a web application.
• Web application security testing
• Securely configuring web servers
• Spotting basic errors in web application code
• Basic error handling techniques
• Securing the back end database connection

General Learning Objectives:

• Developing procedures to test and maintain the security of a web application.
• Secure coding techniques
• Proficiency with security testing tools and procedures.

Who Should Attend:

1. Developers: Learn what can go wrong with badly written application code, and how to prevent such errors.
2. Web site administrators: Learn how to securely configure a web server and an application server, without compromising on functionality.
3. Project managers / IT managers: Learn how to be effective in maintaining a secure web application, going ahead.
   
4. Security consultants: who primarily work on penetration testing of web applications and providing remediation procedures and recommendations.

Saumil Udayan Shah
Founder and Director, Net-Square Solutions Pvt. Ltd.

Saumil continues to lead the efforts in e-commerce security research at Net-Square. His focus is on researching vulnerabilities with various e-commerce and web based application systems. Saumil also provides information security consulting services to Net-Square clients, specializing in ethical hacking and security architecture. He holds a designation of Certified Information Systems Security Professional. Saumil has had more than nine years experience with system administration, network architecture, integrating heterogenous platforms, and information security and has perfomed numerous ethical hacking exercises for many significant companies in the IT area. Saumil is a regular speaker at security conferences such as BlackHat, RSA, etc.

Previously, Saumil was the Director of Indian operations for Foundstone Inc, where he was instrumental in developing their web application security assessment methodology, the web assessment component of FoundScan - Foundstone's Managed Security Services software and was instrumental in pioneering Foundstone's Ultimate Web Hacking training class.

Prior to joining Foundstone, Saumil was a senior consultant with Ernst & Young, where he was responsible for the company's ethical hacking and security architecture solutions. Saumil has also worked at the Indian Institute of Management, Ahmedabad, as a research assistant and is currently a visiting faculty member there.

Saumil graduated from Purdue University with a master's degree in computer science and a strong research background in operating systems, networking, infomation security, and cryptography. At Purdue, he was a research assistant in the COAST (Computer Operations, Audit and Security Technology) laboratory. He got his undergraduate degree in computer engineering from Gujarat University, India. Saumil is a co-author of "Web Hacking: Attacks and Defense" (Addison Wesley, 2002) and is the author of "The Anti-Virus Book" (Tata McGraw-Hill, 1996)

Nitesh Dhanjani
Nitesh Dhanjani is a senior consultant for Ernst & Young's Advanced Security Center. He has performed network, application, web-application, wireless, source-code, host security reviews and security architecture design services for clients in the Fortune 500.

Nitesh is the author of "HackNotes: Unix and Linux Security" (Osborne McGraw-Hill). He is also a contributing author for the best-selling security book "Hacking Exposed 4" and "HackNotes: Network Security".

Prior to joining Ernst & Young, Nitesh worked as consultant for Foundstone Inc. where he performed attack and penetration reviews for many significant companies in the IT arena. While at Foundstone, Nitesh both contributed to and taught parts of Foundstone s "Utimate Hacking: Expert" and "Ultimate Hacking" security courses.

Nitesh has been involved in various educational and open-source projects and continues to be active in the area of system and Linux kernel development. He has published technical articles for various publications such as the Linux Journal.

Nitesh gratuated from Purdue University with both a Bachelors and Masters degree in Computer Science. While at Purdue, he was involed in numerous research projects with the CERIAS (Center for Education and Research Information Assurance and Security) team. During his research at Purdue, Nitesh was responsible for creating content for and teaching C and C++ programming courses to be delievred remotely as part of a project sponsored by IBM, AT&T, and Intel.