SYS Computer Training

Target Audience: Database Administrators, Web Administrators/Programmers, System Administrators, Security Auditors, IT Managers

Prerequisites:

Intermediate or Advanced Network and Systems Admin experience
Network Intrusion Protection course

As a result of completing this course, the student will be able to:

·         Modify default db and webserver configurations to be more secure
·         Understand and prevent SQL Injection attacks
·         Understand common web application vulnerabilities
·         Perform Vulnerability Tests on SQL and Webserver Applications

Student Materials:

Binder of printed overheads & labs
Reference Book: TBA

SQL Injection

Integration of SQL Databases with Web Applications
Connection privilege level
SQL Application privilege level
Countermeasures

SQL Server Vulnerabilities

Mixed Mode Authentication
Protecting the sa Account
Password Cracking
Buffer Overflows
Cleartext Data Transmission
Enabling SSL Data and Authentication Encryption

Oracle Vulnerabilities

Rootkits
Password Cracking
Buffer Overflows
Cleartext password Vulnerability

Web Server Vulnerabilities

Buffer Overflows
Unicode Directory Traversal
File Permission Misconfiguration
Denial of Service Attacks
IIS vs. Apache

Web Application Security

Size of E-commerce industry

Why Web Apps are the Being Targeted More and More
OWASP Top Ten Vulnerabilities
Web Application Security Educational Tools
Web Goat
Web Application Testing Tools

Web Scarab
Web Sphinx
Code Spy

Summary List of Lab Exercises/Tools:

· SQL Injection demonstrations

· SQLdict tool

· WebGoat tool

· WebScarab tool

· TamperIE tool