Ultimate Hacking: Web

Discover how to defend against web hackers by learning their trade

Type of Course: Classroom

Because the Internet is exploding faster than any other business technology, legacy systems in the enterprise are being replaced at a rapid rate. Browser-based applications powered by web servers and backend databases are constantly being evaluated and updated. With every application that an enterprise brings online and each e-business that goes live, malicious hackers are waiting to attack.

This ultimate web security class provides security professionals and application designers with the knowledge and tools to recognize vulnerabilities, develop countermeasures, and perform ongoing assessments of web security. In a hands-on setting, instructors provide demonstrations on how attackers can access sensitive corporate information with little more than a web browser.

What You'll Learn

Unique in the security training industry, Ultimate Web Hacking will show you not only the latest techniques for exploiting web-based applications, but also how to defend your organization against these weaknesses. Participants learn CGI, ASP, and ColdFusion vulnerabilities, as well as exploits such as buffer and input-field overflows. Hands-on lab exercises reinforce the course material in a real-world environment.

Why We Teach This Course

As web technology mushrooms, hackers continuously look to take advantage of the multiplying vulnerabilities. In the Internet age, the way into a company’s network is often right through its website’s home page. Attackers no longer need backdoors or sophisticated tools to compromise a system. Security professionals need to learn how to secure and monitor their web-enabled enterprise by identifying vulnerabilities that can be exploited both internally and externally.

Who Teaches This Course

Foundstone consultants and managers, who actively practice network penetration engagements on many of the world’s leading corporate, government, and military networks, bring real-world scenarios to the classroom. Collectively, they have performed hundreds of web and e-commerce security assessments, as well as managed security programs at Big Five consulting firms, the United States Air Force, and on Wall Street. Foundstone instructors authored the best-selling “Hacking Exposed: Network Security Secrets & Solutions,” one of the industry’s most popular and respected computer security guides.

Who Should Take This Course

This course is for system and network administrators, security personnel, auditors, consultants, and web designers concerned with web security. Basic Unix and Windows NT competency is required for this course to be fully beneficial.

Course Materials

Students receive a free copy of "How to Break Web Software" by Mike Andrews (or a similar book), an individual dual-boot Windows/Linux laptop for use during class, use of the lab network and computers, class handouts, and a CD-ROM with course tools and scripts.

Continuing Education Credits

This course qualifies for up to 32 hours of continuing professional education (CPE) credits for Certified Information Systems Security Professional (CISSP)/Systems Security Certified Practitioner (SSCP), and 28 hours of CPE credits for Certified Information Systems Auditor (CISA)/Certified Information Security Manager (CISM) holders.