Web Application Security Audit & Assessment Bootcamp

A Hands-On course for IT Security Professionals & Auditors interested in Web Application Controls, Auditing and Assessment Techniques

Iverson Associates Sdn Bhd, Centrepoint, Bandar Utama
25th to 26th March 2009
23 CPE Hours

Upon completion of the training, participants will be able to:

- Understand the what, why, when, where, and how of web application security, rather than just using simple checklists for assessment
- Describe the current and future technologies and architecture deployed in current web applications today
- Understand and identify the inherent application security risks, both automated and manual
- Identify the security solutions to secure the implementation and operations of web applications
- Determine and apply the appropriate audit approach to assess the security and controls of web applications

- HRDF Claimable
- Hands-on workshop with computer lab facilities
- Only Limited Seats available, sign up now to confirm your seat!
Course Contents

- Systems approach to web application security and control reviews
- Structured walkthroughs
  - Systems Abstracts
  - Process Abstracts
  - Data Models
  - Event Models
- Introduction to Application Controls
  - Application Access Controls
  - Accuracy checks
  - Completeness checks
  - Authenticity checks
  - Timing/Cut-Off/Period checks
  - Recoverability/Isolation
  - Operations Controls
  - Confidentiality
  - Integrity
  - Availability
  - Auditability
  - Messaging Controls
  - Inter-connection / interface controls
- Systems Development Supporting Application Controls
  - Project controls
  - Requirements Specification and Programming/Coding controls
  - Acceptance Testing
  - Security and Stress Testing
- Common Application Security
  - Hardware Controls
  - Operating System Controls
  - Database Controls
  - Application Controls
  - User/Manual Controls
- TCP/IP Based Application Security Testing Methods and Tools
- Lab Sessions to Review Common Insecurities
  - Application profiling
  - User Profiling
  - Web site profiling (e.g. using Teleport Pro)
  - Web Application Security Vulnerability Scanning using Nikto
  - Google Hacking
  - Brute forcing attacks
  - Other Web Server attacks

METHODOLOGY
Interactive classroom lectures, case studies and hands-on lab sessions.

TARGET AUDIENCE
This training is designed for auditors, IT/network security administrators, information security managers and operations personnel involved in securing and auditing web applications.

TRAINER
RONALD YAP, BSc (Hons), CISA, CISSP

Ronald is an experienced information security professional who has been involved in numerous IT security reviews within the industry and in e-business systems implementations for various commercial and government organizations. He is also a regular trainer for the Institute of Banks Malaysia on their IT Courses, Business Continuity and Information Security courses.

He has also worked with a number of leading-edge technologies in a variety of industries and environments ranging from telecommunications, banking, broadcasting, shipping and securities.
EVENT REGISTRATION FORM
Information Systems Audit and Control Association (ISACA) Malaysian Chapter

Date:     25th to 26th March, 2009
Venue:    Iverson Associates, Suite T113-T114, 3rd Floor, Centrepoint, Lebuh Bandar Utama, Bandar Utama, 47800 Petaling Jaya, Selangor.
Fees:     RM 2,800 for members
          RM 3,200 for non-members
Contact:  Mr. Jayaseelan s/o Subramaniam (017-2196225), ISACA Office Administrator
          Email: officeadmin@isaca.org.my    Tel or Fax: 03-7726 1257

Participant Name          Designation          Membership No.          Email

Organisation's and Contact Details

Organisation's Name:
Contact Person:                          Department:
Designation:                             E Mail:
Telephone:               Ext:            Fax:

This brochure can be downloaded from www.isaca.org.my
Please complete all the information above and fax the form back to 03-7726 1257 immediately.

______________________________________________          _______________________________
Name & Signature of Nominating Officer                  Company Stamp

Reservation:    Places are LIMITED. Please register AS EARLY AS POSSIBLE. Registration will only be confirmed upon receipt of the registration form, followed by payment.
Registration:   Participants must complete the attached registration form together with payment. Upon receipt of the registration, the fee will be a debt due to ISACA Malaysia Chapter. Registration fees include certificate of participation, training materials and bonus materials.
Payment:        Cheques should be made payable to "Information Systems Audit And Control Association" and mailed to: Director, Events, ISACA Malaysia Chapter, Unit 916, 9th Floor, Block A, Damansara Intan, No: 1, Jalan SS 20/27, 47400, Petaling Jaya, Selangor, Malaysia.
                Alternatively, payment can be banked into Maybank 512231822725; the bank-in slip MUST BE faxed back to 03-7726 1257, with a fax cover note stating Event Name, Organisation/Participant(s) Name and Amount Banked In. Payment will not be recognized if we do not receive this fax cover note.
Substitutions:  Fees are not refundable once registration is confirmed. Substitutions are welcomed.
Certificate:    All participants will receive a certificate of attendance upon completion of the training.

ISACA Malaysian Chapter reserves the right to change the venue, date, speakers, programme or to cancel the programme should unavoidable circumstances arise. A full refund of fees will be made in the event of