Hey guys,
If you haven’t read the previous articles, here they are:
So, moving on to module 7. Seeing as it covers web application security, it will come as no surprise that this is the BIGGEST module of the course, covering a whole heap of subjects, which is great as a learner.
- Overview of Web Application Incident Handling
- Introduction to Web Applications
- Web Application Architecture
- Introduction to Web Application Incident Handling
- Web Application Security Threats and Attacks
- OWASP Top 10 Application Security Risks – 2017
- A1 – Injection Flaws
- SQL Injection Attacks
- Command Injection Attacks
- File Injection Attack
- LDAP Injection Attacks
- A2 – Broken Authentication
- A3 – Sensitive Data Exposure
- A4 – XML External Entity (XXE)
- A5 – Broken Access Control
- A6 – Security Misconfiguration
- A7 – Cross-Site Scripting (XSS) Attacks
- A8 – Insecure Deserialization
- A9 – Using Components with Known Vulnerabilities
- A10 – Insufficient Logging and Monitoring
- Other Web Application Threats
- Directory Traversal
- Unvalidated Redirects and Forwards
- Watering Hole Attack
- Cross-Site Request Forgery (CSRF) Attack
- How CSRF Attacks Work
- Cookie/Session Poisoning
- Web Services Footprinting Attack
- XML Poisoning Attack
- Hidden Field Manipulation Attack
- Attacks Using Single and Double Encoding
- Preparation to Handle Web Application Security Incidents
- Steps to Handle Web Application Security Incidents
- Deploying a WAF
- Deploying SIEM Solutions
- Detecting and Analysing Web Application Security Incidents
- Indicators of Web Application Security Incidents
- Detecting Web Incidents: Automated Detection
- Detecting Web Incidents: Manual Detection
- Detecting Web Incidents: Manual Detection – SQL Injection
- Detecting Web Incidents: Manual Detection using Regex – SQL Injection
- Detecting Web Incidents: Manual Detection – XSS Attacks
- Detecting Web Incidents: Manual Detection using Regex – XSS Attacks
- Detecting Web Incidents: Manual Detection – Directory Traversal Attacks
- Detecting Web Incidents: Manual Detection using Regex – Directory Traversal Attacks
- Detecting Web Incidents: Manual Detection – Dictionary Attacks
- Detecting Web Incidents: Manual Detection – Stored Cross Site Script Attacks
- Detecting Web Incidents: Manual Detection – DoS/DDoS Attacks
- Detecting Web Incidents: Manual Detection – Potentially Malicious Elements within HTML
- Detecting Web Incidents: Manual Detection – Malicious Elements in Common Web File Types
- Detecting Web Incidents: Manual Detection – RFI Attacks
- Detecting Web Incidents: Manual Detection – LFI Attacks
- Detecting Web Incidents: Manual Detection – Watering Hole Attacks
- Analysing Web Server Content
- Log Analysis Tools
- Containment of Web Application Security Incidents
- Containment of Web Application Security Incidents
- Containment Methods
- Containment Tools
- Eradication of Web Application Security Incidents
- How to Eradicate Web Application Security Incidents
- Eradicating Injection Attacks
- Eradicating Broken Authentication and Session Management Attacks
- Eradicating Sensitive Data Exposure Attacks
- Eradicating XML External Entity Attacks
- Eradicating Broken Access Control Attacks
- Eradicating Security Misconfiguration Attacks
- Eradicating XSS Attacks
- Eradicating Insecure Deserialization Attacks
- Eradicating Attacks due to Known Vulnerabilities in Components
- Eradicating Insufficient Logging and Monitoring Attacks
- Eradicating DoS/DDoS Attacks
- Eradicating Web Services Attacks
- Eradicating CAPTCHA Attacks
- Eradicating other Web Application Attacks
- Implement Encoding Schemes
- Eradicate XSS Attacks using HTML Encoding
- Eradicate SQL Injection Attacks using Hex Encoding
- Recovery from Web Application Security Incidents
- Recovery from Web Application Incidents
- Tools to Recover from Web Application Incidents
- Best Practices for Securing Web Applications
- Best Web Application Coding Practices
- Web Application Fuzz Testing
- Source Code Review
- Web Application Security Testing Tools
- Module Summary
Each section is covered extremely well, with easy-to-understand descriptions and some nifty diagrams like this, so it was very well put together.
There are only three labs which I was a little surprised at, but it was actually all that was needed for the module.
Lab 1
Detecting SQL Injection and XSS Attacks using dotDefender
dotDefender is a Web Application Firewall (WAF) that protects any web site or web service on your server, and continues to protect it as you update, change, and expand your code.
We learn how to detect web application attacks such as SQL injection and XSS attacks using the dotDefender tool.
Lab 2
Manual Detection of SQL Injection and XSS Attacks from IIS Logs
IIS Logs consist of all the web requests and analysing them can assist in the detection of web application attacks.
We learn how to manually detect SQL injection and XSS attacks from IIS logs.
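To give a feel for what the "Manual Detection using Regex" slides and Lab 2 are getting at, here is a small added example of my own (it is not code from the course, the lab or dotDefender). It parses IIS W3C extended log lines using the `#Fields:` directive, URL-decodes each request repeatedly (so single and double encoding both get unwrapped, which the module also covers), and runs a handful of SQL injection and XSS indicator regexes over the decoded URI. The log lines, the field list and the signature names are all constructed for the example; the regexes are simplified indicators, not the course's exact patterns, and like any signature set they will produce false positives on legitimate traffic and miss obfuscated input, so treat hits as leads for a human to review rather than verdicts.

```python
import re
from urllib.parse import unquote, unquote_plus

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2023-01-10 10:00:01 10.0.0.5 GET /products.aspx id=42 80 - 203.0.113.10 Mozilla/5.0 200 0 0 15
2023-01-10 10:00:07 10.0.0.5 GET /products.aspx id=42%27+OR+1%3D1-- 80 - 203.0.113.77 Mozilla/5.0 500 0 0 31
2023-01-10 10:00:09 10.0.0.5 GET /login.aspx user=admin%27+UNION+SELECT+1%2C2%2C3-- 80 - 203.0.113.77 Mozilla/5.0 200 0 0 22
2023-01-10 10:00:15 10.0.0.5 GET /search.aspx q=%3Cscript%3Ealert%281%29%3C%2Fscript%3E 80 - 198.51.100.3 Mozilla/5.0 200 0 0 12
2023-01-10 10:00:21 10.0.0.5 GET /search.aspx q=%253Cscript%253E 80 - 198.51.100.3 Mozilla/5.0 200 0 0 12
2023-01-10 10:00:30 10.0.0.5 GET /about.aspx - 80 - 192.0.2.9 Mozilla/5.0 200 0 0 8
"""

# Simplified indicator regexes (assumed for this example, not the course's own).
SQLI_SIGNATURES = {
    "quote-then-boolean": re.compile(r"'\s*(or|and)\b", re.I),
    "union-select": re.compile(r"\bunion\b\s+(all\s+)?\bselect\b", re.I),
    "sql-comment": re.compile(r"(--|#|/\*)"),
    "typical-tautology": re.compile(r"\b(or|and)\b\s+\d+\s*=\s*\d+", re.I),
}
XSS_SIGNATURES = {
    "script-tag": re.compile(r"<\s*script\b", re.I),
    "event-handler": re.compile(r"\bon\w+\s*=", re.I),
    "javascript-uri": re.compile(r"javascript\s*:", re.I),
    "generic-tag": re.compile(r"<[^>]*>"),
}


def parse_iis_log(text):
    """Turn W3C log text into a list of dicts keyed by the #Fields names."""
    fields = None
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue  # other directives carry no request data
        if fields is None:
            raise ValueError("data line seen before a #Fields directive")
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed line: skip rather than misalign columns
        records.append(dict(zip(fields, values)))
    return records


def full_decode(value, plus_as_space=True, max_rounds=3):
    """URL-decode until the string stops changing; returns (decoded, rounds).
    A rounds value of 2 or more means the request was double-encoded."""
    decode = unquote_plus if plus_as_space else unquote
    decoded, rounds = value, 0
    for _ in range(max_rounds):
        nxt = decode(decoded)
        if nxt == decoded:
            break
        decoded, rounds = nxt, rounds + 1
    return decoded, rounds


def scan_records(records):
    """Apply the indicator regexes to each decoded request; return hits only."""
    findings = []
    for rec in records:
        stem, _ = full_decode(rec.get("cs-uri-stem", ""), plus_as_space=False)
        query, rounds = full_decode(rec.get("cs-uri-query", ""))
        decoded_uri = stem + ("?" + query if query != "-" else "")
        sqli = [name for name, rx in SQLI_SIGNATURES.items() if rx.search(decoded_uri)]
        xss = [name for name, rx in XSS_SIGNATURES.items() if rx.search(decoded_uri)]
        if sqli or xss:
            findings.append({
                "time": rec.get("date", "") + " " + rec.get("time", ""),
                "c-ip": rec.get("c-ip", ""),
                "status": rec.get("sc-status", ""),
                "decoded": decoded_uri,
                "decode_rounds": rounds,
                "sqli": sqli,
                "xss": xss,
            })
    return findings


def summarise_by_client(findings):
    """Count suspicious requests per client IP; useful for spotting one noisy source."""
    counts = {}
    for f in findings:
        counts[f["c-ip"]] = counts.get(f["c-ip"], 0) + 1
    return counts


if __name__ == "__main__":
    hits = scan_records(parse_iis_log(SAMPLE_LOG))
    for h in hits:
        print(h["time"], h["c-ip"], h["status"], h["decoded"],
              "sqli=" + ",".join(h["sqli"]), "xss=" + ",".join(h["xss"]),
              "decode_rounds=" + str(h["decode_rounds"]))
    print(summarise_by_client(hits))
```

Run it against a real log by replacing `SAMPLE_LOG` with the file contents; the `sc-status` column is worth keeping in the output, since a 500 next to an injection indicator (as on the second hit above) is a stronger signal than a 200.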
Lab 3
Performing Web Application Vulnerability Scanning
Vulnerability scanning enables an incident responder to identify network vulnerabilities, open ports, and running services as well as application and services configuration errors, and application and services vulnerabilities.
We learn how to perform web application vulnerability scanning.
Thanks for your time as always.
Alex
1 thought on “Week Nine of EC-Council Certified Incident Handler (ECIH) Version 2 Self-Study Training”