Black Hat Windows Security 2003

Note: if the class is overfilled, then you will be wait-listed. You will be contacted should this occur.


Windows 2003 Training
February 24-25 2003
Seattle Sheraton Hotel & Towers

All course materials, lunch and two coffee breaks will be provided.
You must provide your own laptop.
A Certificate of Completion will be offered to students completing the course.

Course Length: 2 days

Cost: US $2000 before January 15, 2003 or US $2200 after January 15, 2003
NOTE: this is a two day course. A Certificate of Completion will be offered.


course description
Two Day Course
Mon, Feb 24 thru Tuesday, Feb 25
Hacking Web Applications
Jeremiah Grossman & Bill Pennington
White Hat Security
What to bring:

Laptop with:

  • Functioning 802.11b Network Card
  • Perl
  • Curl
  • Netcat
  • Recent Web Browser


"Security tops list of reasons not to deploy Web Services"

Companies of all shapes, sizes, and business pursuits continually expose and release greater amounts of their critical business functions onto the World Wide Web. Software that at one time ran on mainframes, which used to be physically secured within a frigid data center made available to only a select few who were directly connected. Now the web servers may be distributed and the are accessible to anyone on the net. With this type of access come dangerous new paradigms of risk for security professionals for business IT departments. The 2002 CSI/FBI Computer Crime Survey reports thirty-eight percent of survey respondents suffered unauthorized access or misuse on their web sites within the last twelve months. Twenty-one percent said that they didn't know if there had been unauthorized access or misuse.

Firewalls and Intrusion Detection Systems are rendered useless in defending against web application based attacks. After all, a firewall is specifically configured to let web traffic enter the site and most IDS systems simply cannot determine what is safe allowable web traffic. Current automated web security scanners also do not detect most web application security vulnerabilities due to the complex and unique nature of each individual web application. This lack of thorough automated tools and other web security solutions heightens the industry’s need for well trained, informed web security personnel.

WhiteHat Security is the leader in field of web application security. WhiteHat's renowned top-level consults have developed a number of highly advanced proprietary tools and techniques over the past several years to assist them in uncovering web application vulnerabilities quickly and effectively. It is WhiteHat Security’s great pleasure to share and clearly explain the tools and sought-after techniques for assessing web applications in this hands-on 2-day course.

Who should take the course?
System and network administrators, corporate security personnel, security auditors, consultants, and web application developers concerned with web security. Basic UNIX or Windows NT competency is required for the course to be fully beneficial.

What will you learn?
WhiteHat consultants will disclose all steps included in performing a complete security audit of any web application no matter the technology or complexity involved. Students will learn how to find and exploit these vulnerabilities using everything from simple web browsers to WhiteHat-authored tools.

During the class, students will be given access to WhiteHat's testing lab where they can explore and experiment with everything discussed in the class.

What topics are covered?

  • Profiling Web Applications
  • Finger Printing Web Servers
  • Mapping Application Flow
  • Technical Vulnerabilities:
    • Cross Site Scripting
    • URL Manipulation Attacks
    • CGI Parameter Tampering
    • SQL Injection Attacks
    • Session Attacks
    • Cookie Manipulation
  • Assessment Techniques:
    • Bypassing Javascript filters
    • Manipulating hidden form fields
    • URL Manipulation
    • CGI Parameter Tampering
    • HTTP Request Header Manipulation
    • Evasion
    • HTTP Request Method Manipulation
    • Http Method Switching
    • Automated Testing Techniques
    • Using Open Source Testing Tools

What are the labs like?
WhiteHat believes in creating a stimulating environment where students will gain knowledge from fellow class members as well as instructors. WhiteHat's smaller class sizes and hands-on environment foster interaction between instructors and students as well as students and their peers. WhiteHat has created a lab environment that simulates real world web applications and the security vulnerabilities commonly found in them. Students are encouraged to explore these applications and uncover the security issues themselves. Instructors will demonstrate the techniques used to assess the applications, then students apply them in the lab environment. This reinforces the knowledge taught and leads to greater retention.

What will students get?
Students will receive a CD including: all class materials, programs only available to class attendees, and a FREE single server license of ServerMask 3.0 for IIS. Students will also receive a "WhiteHat Security Hacking Web Applications" Certificate of Completion.

Course Length: 2 days

Cost: US $2000 before January 15, 2003 or US $2200 after January 15, 2003
NOTE: this is a two day course. A Certificate of Completion will be offered.



Jeremiah Grossman, Founder and CEO of WhiteHat Security, Inc. & Former Yahoo! Information security officer.

As information security officer at Yahoo!, Jeremiah designed, audited, and penetration-tested all of the company's thousands of web applications. As one of the world's busiest web properties, with over 17,000 web servers for customer access, all of these applications demanded the highest level of security available.

Continuing his work of the past 5 years, Jeremiah researches and applies his expertise to all aspects of information security with special emphasis on detection and prevention of web application attacks. His endeavors have yielded successes such as the widely used assessment tool "WhiteHat Arsenal", as well as the acclaimed "Web Server Fingerprinter" tool and technology.

Grossman is a frequent Information Security speaker at Web Application Security conventions including the Black Hat Briefings, the Air Force and Technology Conference, Defcon and ToorCon. He is considered to be among the world's foremost web security experts. Jeremiah is also contributing member to the Center for Internet Security Apache Benchmark Group.

Bill Pennington, Senior Information Security Engineer of WhiteHat Security, Inc., CISSP, CCNA

Bill has six years of professional experience in information security and eleven in information technology. Bill’s duties at WhiteHat include conducting web application assessments, developing and delivering WhiteHat training and performing research and development. Bill has performed web application assessments for over three years in a variety of industry verticals including financial services, e-commerce, and biotechnology. He is familiar with OS X, Linux, Solaris, Windows, and OpenBSD, and is a Certified Information Security Systems Practitioner (CISSP) and Certified Cisco Network Administrator (CCNA). He has broad experience in web application security, penetration testing, computer forensics and in intrusion detection systems. Prior to joining WhiteHat, Bill was a principal consultant and technical lead for assessment services at Guardent, a nationwide pure play security services provider.

Bill contributed several chapters to “Hacker's Challenge: Test Your Incident Response Skills Using 20 Scenarios” and is an author of “Hackers Challenge 2”. He has spoken at numerous industry events including BlackHat 2002, ISSA LA/Orange County joint conference, and the International Airport Auditors National Meeting 2001.

Black Hat Logo
(c) 1996-2007 Black Hat