WORKSHOP 2: Web and Mobile – Ethical Hacking Through Practical Examples
Darko Mihajlovski, HALKBANK AD Skopje
„Web and Mobile – Ethical Hacking“ is a practical one-day interactive program of guidelines, roadmaps, examples, exercises, case studies and discussions that takes you on a wild and fascinating journey into the cyber security discipline of web and mobile application pentesting. This is a very hands-on course that will require you to set up your own pentesting environment.
Who Should Attend This Course? / Audience
The „Web and Mobile – Ethical Hacking” training course is designed for IT/IS Professionals, Security
Officers, IT/IS Managers, who, in any capacity, deal with the PCI DSS requirements and tasks related to
Prerequisites: This class is intended for security professionals who have at least a baseline understanding of penetration testing and security policy principles. Approximately two years of experience in cyber security, or a well-established information security certification, is highly recommended. You are also expected to have a basic understanding of Linux and to be comfortable working with the command line. In addition, you should be familiar with virtualized environments such as VMware or VirtualBox and understand how to configure a browser's proxy settings. But don't let these requirements deter you.
Training Methods and Course Materials
For each course attended, you will be provided with:
- workshop model solutions;
- checklists, forms and charts which you can use immediately in your projects;
- directions (links) towards extensive documents and resources;
- information on access to web resources, etc.;
- post-course access to the presenter by phone and email for up to 3 months after completion of the course.
Students should bring a laptop capable of running a virtual machine image with at least 2 GB of RAM.
VirtualBox must be installed, minimum version VirtualBox-5.0.6-103037 (for Windows or Linux OS).
- Web-Application Ethical Hacking
o HTTP and HTTPS basics
o Examine packet structure and how packets can be manipulated by attackers
o Why sites get hacked – sites get hacked for a number of reasons. The main ones are that websites expose a large attack surface and the technologies that run on them are subject to common vulnerability classes such as SQLi, XSS, LFI and RFI.
o Hacker methodology – the steps followed by an attacker: footprinting, scanning, enumeration, gaining access, maintaining access and covering one's tracks.
o A host of essential tools will be presented throughout the course - Manual and automated approaches
- Attack vectors included:
o SQLi – SQL injection is a common exploit that takes advantage of untrusted user input being concatenated into a database query instead of being bound as a parameter, letting the attacker change the query's logic.
o XSS – cross-site scripting exploits a client-side vulnerability in which unescaped user input is reflected into a page, allowing an attacker to inject script that runs in other users' browsers.
o LFI and RFI – local file inclusion and remote file inclusion respectively are attacks in which an attacker-controlled path is passed to a file-include function, causing the server to include a local file it should not expose (LFI) or code fetched from an attacker's server (RFI).
- A range of hacking tools is covered
- Mobile-App Ethical Hacking
o SmartPhone Penetration Framework Intro
o AppUse Intro
o Zante Intro
o Reporting best practices – this is what sets professionals apart from mere hackers.
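The SQLi item above describes the root cause (user input concatenated into the query text). The following is an added example, not material from the course, that shows the vulnerable pattern beside its parameterized fix against a constructed in-memory SQLite table; the table contents, account names and the two payloads are made up for illustration.

```python
import sqlite3

# Constructed sample data (not from the course): an in-memory SQLite users
# table with two accounts, standing in for the application database.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct-horse"), ("bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string concatenation, so user input becomes SQL.

    Returns the matched username, or None if no row matches.
    """
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Same check with a parameterized query: input is bound as data and is
    never parsed as SQL, so quotes and comment markers in it are inert."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# Two classic payloads. In the concatenated query the first one turns the
# WHERE clause into  (username='alice' AND password='') OR '1'='1'  and the
# second one comments out the password check entirely.
PAYLOAD_TAUTOLOGY = "' OR '1'='1"
PAYLOAD_COMMENT = "alice' --"


def demo():
    """Runs legitimate and injected logins through both implementations."""
    conn = make_db()
    return {
        "legit_vulnerable": login_vulnerable(conn, "alice", "correct-horse"),
        "legit_safe": login_safe(conn, "alice", "correct-horse"),
        "tautology_vulnerable": login_vulnerable(conn, "alice", PAYLOAD_TAUTOLOGY),
        "tautology_safe": login_safe(conn, "alice", PAYLOAD_TAUTOLOGY),
        "comment_vulnerable": login_vulnerable(conn, PAYLOAD_COMMENT, "wrong"),
        "comment_safe": login_safe(conn, PAYLOAD_COMMENT, "wrong"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Both payloads log in as alice through the concatenated query and are rejected by the parameterized one; the fix is binding parameters, not filtering quotes, since the comment payload shows that the attacker has more than one way to close the string.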
About the Presenter
With 4 years' experience as an IT Systems Engineer and more than 6 years of hands-on experience in information security, Darko is, besides CISO operations and governance at the Bank, currently responsible for PCI DSS implementation and maintenance in the Bank's Card-Holder Data Environment.
Darko holds a Master of Science degree, with a Master's thesis in the field of Industrial Information Security (SCADA environments). His professional background is complemented by several certifications in the field of information security, such as: Certified Ethical Hacker (CEH), Certified ISO 27001:2013 Lead/External Auditor, Certified ISMS Implementer (ISO/IEC 27001), Microsoft Certified Professional (MCP), HP Accredited Platform Specialist (APS), Certified Linux Administrator (Linux Server Professional Certification), Information Technology Infrastructure Library (ITIL), Qualys Certified Specialist (Policy Compliance, Vulnerability Management, Web Application Scanning, Threat Protection).
His resume includes several publications:
- Assessing Industrial Networks,
- Hacking Techniques performed in Industrial Environment,
- Compensation controls as an alternative method for PAN numbers encryption in MS SQL Database (PCI DSS 3.0 Chapter 3.4),
- Attacking IT-Defense Devices,
- Implementation of „SSL for ADO.Net“ for Encryption of the Data In Transit in the Corporate Network (PCI DSS 3.1 Chapters 2.3, 4.1).
Date: 29.11.2017, 8.00-17.30 (two 15-minute coffee breaks, 1 hour for lunch)
Price: 297 € + 22% VAT