India is now almost the start-up capital of the world, with start-ups in e-commerce especially and in the Android app area ruling the roost. These start-ups mostly depend on website (HTTP/HTTPS) traffic for their applications. This 2-day hands-on workshop will train you in how to find security holes in your network infrastructure and website and give guidance on how to fix them.

Each morning there will be two sessions of 2 hours each on understanding various possible vulnerabilities. These sessions cover types of security holes such as infrastructure vulnerabilities and web app vulnerabilities such as SQL injection or XSS. What these holes/vulnerabilities are and how they occur will be discussed. Then, some simple examples will be shown, along with techniques for detecting the security holes/vulnerabilities, including penetration testing. The use of various detection tools will be introduced in these sessions. Finally, guidelines will be given on how to fix the security holes. Focus will also be given to live interactions between the participants and the presenter.
Hands-on laboratories will be conducted in the afternoon sessions every day. Participants will get hands-on practical experience of the discussed topics. The laboratory will last at least 3 hours every day. The participants will do practical exercises on how to perform testing to find the security holes/vulnerabilities using the tools and topics covered in the morning sessions.

Why Attend

Governments and businesses find themselves scrambling to stay up to date on the latest vulnerabilities, technologies, and defense and prevention strategies as cyber-attacks become more common, stealthy, sophisticated, costly, and brazen. The program intends to make attendees better informed and more savvy about protecting their organizations against the cyber threats they face around the clock from malicious hackers, the myriad forms of ever-evolving malware, disgruntled insiders, and other IT security risks and dangers.

Pre-requisites for this workshop

  • Basic knowledge of Windows operating systems.

  • Basic knowledge of networking technologies.

  • Basic exposure to information security will help.

  • Knowledge of using / developing web applications, and an exposure to HTML and HTTP, is desirable.

Who Should Attend

  • Security Engineers

  • Security Architects

  • Security admins

  • Developers

  • Data Security & Protection personnel

  • CISOs, CIOs & CTOs

Profile of workshop trainer

Dr. Samir Kelekar has a BTech from IIT Bombay and a PhD from Columbia University, with a total of 30 years of experience. He has worked at IBM Research, Motorola, Alcatel and a number of start-ups. He has consulted for a number of top companies and found security holes in a number of websites and software. He owns three US patents in the area of security. Samir is also a prolific communicator, a writer, a blogger and a columnist.

Samir is currently a founder of Teknotrends Software Pvt Ltd.
www.teknotrends.com
Samir writes a popular blog on security which can be seen at
www.thesecurityblog.in
Samir's profile can be seen at
www.thesecurityblog.in
Here are some of the websites / portals for which Samir has tested security recently: Nivaata.com, makemytrip.com, naukri.com, duavivo.com, chamberoman.com, clearscore.com, dgciskol.nic.in, abhibus.com, practo.com

Programme Agenda

Infrastructure Security

Morning Lecture

Networking concepts: TCP/UDP protocols, IP, ARP, DNS protocols. Other concepts in networking. Security issues in infrastructure components such as operating systems, web servers etc. Use of Wireshark. Port scanner – Nmap. VA tool – Nessus. A tutorial on HTTP, HTML, JavaScript, CSS etc.

Afternoon Hands-on Lab

Use of Nmap, use of Nessus, use of Wireshark. Running VA scans and understanding reports. Understanding the HTTP protocol.

Web App Security

Morning Lecture

XSS, CSRF, parameter validation, fuzzing, authorization checks. A tutorial on SQL. Basics needed to understand web application security. Use of the WebScarab proxy. Session hijacking, SQL injection.

Afternoon Hands-on Lab

Finding XSS, CSRF, parameter validation and authorization holes. Use of WebScarab. Doing session hijacking via WebScarab. Doing SQL injection via WebScarab.