Web Application Security Audit & Assessment Bootcamp

A Hands-On course for IT Security Professionals & Auditors interested in Web Application Controls, Auditing and Assessment Techniques

Iverson Associates Sdn Bhd, Centrepoint Bandar Utama
25th to 26th March 2009
23 CPE Hours for CISA/CISM Holder

Upon completion of the training, participants will be able to:
  Understand the what, why, when, where, and how of web application security and not just using simple checklists for assessment and auditing.
  Describe the current and future technologies and architecture deployed in current web applications today
  Understand and identify the inherent application security risks that are both automated and manual
  Identify the security solutions to secure the implementation and operations of web applications
  Determine and apply the appropriate audit approach to assess the security and controls of web applications

HRDF Claimable
Hands-on workshop with computer lab facilities
Only Limited Seats available, sign up now to confirm your seat!

Course Contents
  Systems approach to web application security and control reviews
  Structured walkthroughs
  Systems Abstracts
  Process Abstracts
  Data Models
  Event Models
  Introduction to Application Controls
  Application Access Controls
  Accuracy checks
  Completeness checks
  Authenticity checks
  Timing/Cut-Off/Period checks
  Recoverability/Isolation
  Operations Controls
  Confidentiality
  Integrity
  Availability
  Auditability
  Messaging Controls
  Inter-connection / interface controls
  Systems Development Supporting Application Controls
  Project controls
  Requirements Specification and Design
  Programming/Coding controls
  Acceptance Testing
  Security and Stress Testing
  Common Application Security Architectures
  Hardware Controls
  Operating System Controls
  Database Controls
  Application Controls
  User/Manual Controls
  TCP/IP Based Application Security Testing Methods and Tools

Lab Sessions to Review Common Insecurities
  Application profiling
  User Profiling
  Web site profiling (e.g. using Teleport Pro)
  Web Application Security Vulnerability Scanning using Nikto
  Google Hacking
  Brute forcing attacks
  Other Web Server attacks

METHODOLOGY
Interactive classroom lectures, case studies and hands-on lab sessions.

TARGET AUDIENCE
This training is designed for auditors, IT/network security administrators, information security managers and operations personnel involved in securing and auditing web applications.

TRAINER
RONALD YAP, BSc (Hons), CISA, CISSP
Ronald is an experienced information security professional that has been involved in numerous IT security reviews within the industry and e-business systems implementations for various commercial and government organizations. He is also a regular trainer for the Institute of Banks Malaysia on their IT Courses, Business Continuity and Information Security courses. He has also worked with a number of leading-edge technologies in a variety of industries and environments ranging from telecommunications, banking, broadcasting, shipping and securities.

EVENT REGISTRATION FORM
Information Systems Audit and Control Association (ISACA) Malaysian Chapter

Event: WEB APPLICATION SECURITY AUDIT & ASSESSMENT BOOTCAMP
Date: 25th to 26th March, 2009
Venue: Iverson Associates, Suite T113-T114, 3rd Floor, Centrepoint, Lebuh Bandar Utama, Bandar Utama, 47800 Petaling Jaya, Selangor.
Fees: RM 2,800 for members
      RM 3,200 for non-members
Contact: Mr. Jayaseelan s/o Subramaniam (017-2196225) – ISACA Office Administrator
Email : email@example.com
Tel or Fax : 03 - 7726 1257

Participant
  Name
  Designation
  Membership No.
  Email

Organisation’s and Contact Details
  Organisation’s Name
  Address
  Contact Person
  Department
  Designation
  E Mail
  Telephone
  Ext
  Fax

This brochure can be downloaded from www.isaca.org.my
Please complete all the information above and fax the form back to 03 – 7726 1257 immediately.
______________________________________________          _______________________________
Name & Signature of Nominating Officer                  Company Stamp

Reservation
Places are LIMITED. Please register AS EARLY AS POSSIBLE. Registration will only be confirmed upon receipt of registration form, followed by payment

Registration
Participants must complete the attached registration form together with payment. Upon receipt of the registration, the fee will be a debt due to ISACA Malaysia Chapter. Registration fees include certificate of participation, training materials and bonus materials.

Payment
Cheques should be made payable to “Information Systems Audit And Control Association” and mailed to:
Director – Events, ISACA Malaysia Chapter, Unit 916, 9th Floor, Block A, Damansara Intan, No: 1, Jalan SS 20/27, 47400, Petaling Jaya, Selangor, Malaysia
Alternatively, payment can be banked into: Maybank 512231822725, bank-in slip MUST BE faxed back to 03 - 03-7726 1257, with fax cover note stating Event Name, Organisation/Participant(s) Name and Amount Banked In. Payment will not be recognized if we do not receive this fax cover note.

Substitutions
Fees are not refundable once registration is confirmed. Substitutions are welcomed.

Certificate
All participants will receive a certificate of attendance upon completion of the training.

ISACA Malaysian Chapter reserves the right to change the venue, date, speakers, programme or to cancel the programme should unavoidable circumstances arise. A full refund of fees will be made in the event of cancellation.