Secure Logging (LogSec)

Duration:

9 academic hours

Venue:

Clarified Security training classroom

Are you sure that the logs of the applications you build actually provide everything needed to resolve security-related incidents when the need arises? Can you trust your logs?

IT Koolitus is pleased to invite you to the one-day Secure Logging training organised by our partner Clarified Security. The Secure Logging training covers logs and log security, a topic that is often not handled correctly in software development and that is too late to think about once the software has been handed over. Correctly implemented logging gives a product or piece of software fresh out of development significant added value, which can save time, money and nerves when resolving a potential incident.

Target group: The training is intended for everyone involved in the web application security process: web developers, administrators, testers, systems analysts, IT (security) managers and security specialists.

Training results / Learning outcomes: The main outcome is to help trainees understand the different attacks that can be conducted against logs or by using logs, how to defend themselves against such threats, and the importance of logging certain data so that the resulting logs are as useful as possible when solving security incidents.

The trainer will engage participants with lectures, live attack demonstrations and practical examples, followed by individual hands-on exercise scenarios. The training is interactive and practical and, besides active participation, is full of attack stories that help change participants' perspective on and understanding of real-life security threats.

 

Prerequisites for participation (recommended): The training is intended for everyone involved in the web application security process: web developers, administrators, testers, systems analysts, IT (security) managers and security specialists.

Workload: 9 academic hours

Topics covered and content description: This training is based on the most frequently occurring security issues in logging implementations and solutions that our team has encountered over years of application penetration testing and other related experience of working with logs.

Some of the issues we often see can be exploited for log evasion, tampering with log integrity and attacking log viewers. During the training all of the attacks are explained in theory and then immediately practiced in our hands-on lab environment. Naturally, relevant defence methods are also explained.

Hands-on labs are based on web application and server logs, but the concepts apply much more widely to working with logs in general.

The main topics covered are:

  • Log evasion: techniques for avoiding being logged. This includes HTTP parameter pollution, relocating parameters in the HTTP request and hiding attack payloads using XSS.
  • Attacking text- and web-based log viewers using XSS, special UTF characters, field and entry separators, and bi-directional text.
  • Attacking command-line log viewers using special characters and terminal injection.
  • Log tampering using log injection.
  • Faking IP addresses in log files by using special headers in queries.
  • Various topics about what to log, when to log, which fields are mandatory in log files, etc.
  • For each attack vector, possible defence methods are also introduced.

 

You can participate in the training with the Unemployment Insurance Fund training card.

See you at the training!

Trainers

  • Mait Peekma

    Pentester and analyst (WebApps, networks, OS, wireless, devices/hardware), trainer

    Mait is a versatile pentester with an extensive pentesting and stress-testing background in the banking sector. Mait joined the Clarified Security team in March 2012 and came from the Swedbank security team, where he was mostly involved with WebApps and network pentesting. Mait is the author and trainer of our Secure Logging training. Mait has an M.Sc. (cum laude) in IT from Tallinn University of Technology. He wrote his Master's thesis about ZigBee wireless protocol security.

Additional information

When you register via the e-shop, by e-mail or by phone, we will send you an invoice and more detailed information about participation.
Eleven days before the training we will send you an e-mail reminder with the participation details.

Participation in the training is registered by name, but you can change the participant free of charge until the training starts.

Payment for the training is made to the bank account indicated on the invoice. The invoice is sent to the payer's address by e-mail. The invoice must be paid before the training starts, by the due date stated on the invoice.

IT Koolitus is a training card cooperation partner of the Estonian Unemployment Insurance Fund (Eesti Töötukassa). See the training card information HERE.
For more information, contact us by phone at 618 1727 or at [email protected].

Cancellation information

If for any reason you cannot attend the training, please let us know by e-mail at [email protected]. If you notify us of non-attendance at least 7 calendar days in advance, we will agree on a new time with you or refund 100% of the training fee. We refund the participation fee in full provided that no expenses related to organising the training have been incurred (purchased study materials, etc.). If you do not show up for the training, do not give notice of non-attendance, or drop out of the training, the fee is not refunded.

Location and contacts

Address

Lõõtsa 12, Tallinn

IT Koolitus Vana-Lõuna 39/1, Tallinn 6181727 [email protected]
