Module 01: Introduction to Secure Coding § Case Study: Secure Coding Cuts Application Maintenance Costs § Secure Coding § Vulnerabilities Statistics For The Year 2008 and 2009 § Programming Errors § Why Security Mistakes Are Made § Need for Secure Programming § Why Secure Coding is Important § Building Blocks of Software Security § Types of Security Vulnerabilities § Software Vulnerability Life Cycle § Types of Attacks § Secure Coding Principles o Security Principles o Security Through Obscurity o Buffer Overflows o Format String Vulnerabilities and Race Conditions o Locking Problems o Exception Handling o Fundamentals of Control Granularity o Fail-Safe Design Strategies o Fault Tolerance and Detection o Fault Removal and Avoidance o Input and Parameter Validation o Encrypting Secrets in Memory and Storage o Scrubbing Information o Privilege Levels for Information Access o Loose Coupling o High Cohesion o Change Management and Version Control § Guidelines for Developing Secure Codes o Validate All User’s Input o Sanitize Input Values o Use the Principle of Least Privilege o Do Fail Safe o Handle Sensitive Security Information with Care o Practice Defense-in-Depth o Do Not Provide Hints to Attackers o Do Not Add Comments Telling What the Code Does o Make (Code) Buddies o Study and Fix the Defects o Consider Security Issues During Design o Avoid Common Security Problems o Scan Existing Applications for Code Weaknesses o Use Threat Models o Perform Software Testing o Use Automated Source Code Vulnerability Scanning Tools § Software Security Checklists o Authentication o Authorization o Data Validation o Session Management o Logging o Error Handling o Cryptography o Performance o Use of Privilege o User-Server Authentication
Module 02: Designing Secure Architecture § Introduction to Secure Architecture § Secure Architecture § Application Security § Factors Affecting Application Security § Software Engineering and System Development Life Cycle (SDLC) § SDLC Phases o System Requirements o Specifications o Design o Coding o Testing o Maintenance § Software Methodology Models: o Waterfall Model o RAD (Rapid Application Development) o JAD (Joint Application Development) o Fountain Model o Spiral Model o Build and Fix o Synchronize-and-Stabilize § Agile Methodologies § Extreme Programming (XP) o Rules and Practices of Extreme Programming o XP Practices § Unified Modeling Language (UML) o Primary Goals o Diagram o UML Tool § Rational Rose § Borland Together § Threat Modeling o Aspects of Security Threat Modeling o STRIDE Threat Model § Common Criteria § Software Development Best Practices § Microsoft SDL Threat Modeling Tool § Borland® TeamInspector™
Module 03: Cryptography § Introduction to Cryptography § Encryption § Symmetric Encryption § DES Symmetric Encryption Process § Asymmetric Encryption § Asymmetric Encryption vs. Symmetric Encryption § Decryption § Use of Cryptography § Cryptographic Techniques o Classic Cryptographic Techniques o Modern Cryptographic Techniques § Cipher § RSA (Rivest Shamir Adleman) § Example of RSA Algorithm § RSA Attacks § Implementation of RSA in C++ § The Diffie-Hellman Key Agreement Standard o The Diffie-Hellman Key Algorithm o Diagrammatical Representation of Diffie-Hellman Key Algorithm § Data Encryption Standard (DES) § DES Overview § Implementation of DES in Java § Rijndael Algorithm § RC4, RC5, RC6, Blowfish Overview § RC5 § Blowfish Algorithm in C § Message Digest Functions § One-way Hash Functions § MD5 § Implementing MD5 in Java § Generating a Key and IV for Private-key Encryption § SHA (Secure Hash Algorithm) § Implementing SHA in Java § Collision Search Attacks on SHA1 § Modern Cipher Breaking § The Keyed-Hash Message Authentication Code (HMAC) § SSL (Secure Sockets Layer) § What is SSH?
§ SSH (Secure Shell) § Algorithms and Security § Disk Encryption § Government Access to Keys (GAK) § Digital Signature § Components of a Digital Signature § Method of Digital Signature Technology § Use of Digital Signature § Digital Signature Standard § Digital Signature Algorithm: Signature Generation/Verification § Digital Signature Algorithms: ECDSA, ElGamal Signature Scheme § Hashing Technique o Hashing, MACs, and Digital Signatures using C# in .NET § Challenges and Opportunities § Digital Certificates § Creating and Verifying a Simple XML Digital Signature in C# § Cleversafe Grid Builder http://www.cleversafe.com/ § PGP (Pretty Good Privacy) § CypherCalc § Command Line Scriptor § CryptoHeaven § JavaScrypt: Browser-Based Cryptography Tool § Steps to use JavaScrypt Encryption and Decryption Tool § Cryptanalysis § Cryptography Attacks § Brute-Force Attack § The distributed.net Organization
Module 04: Buffer Overflows § Statistics: MS08-067 Exploit Activity from October 2008 to January 2009, Detected as MS.DCERPC.NETAPI32.Buffer.Overflow § Buffer Overflows § Reasons for Buffer Overflow Attacks § Why are Programs/Applications Vulnerable? § Understanding Stacks § Understanding Heaps
§ Stack-based Buffer Overflow § A Simple Uncontrolled Overflow of the Stack § Stack Based Buffer Overflows § Heap-based Buffer Overflow § Heap Memory Buffer Overflow Bug § Heap-based Buffer Overflow § Countermeasure against Buffer Overflow Attacks § Buffer Overflow Defenses § Attacking a Real Program § Defense Against Buffer Overflows § Return Address Defender (RAD) § StackGuard § Immunix System § Vulnerability Search – ICAT § Valgrind § Insure++ o Insure++: Features § Buffer Overflow Protection Solution: Libsafe § Comparing Functions of libc and Libsafe § Simple Buffer Overflow in C § Code Analysis
Module 05: Secure C and C++ Programming § Introduction of C/C++ § Important Features of Object Oriented Programming § Vulnerable C/C++ Functions § Strcpy() § Strncat() § Strncpy() § Sprintf() § Gets() § C/C++ Vulnerabilities: § Buffer Overflow o Strings § Countermeasures § Stack-Based Buffer Overflow § Heap-Based Buffer Overflow § Off by One/Five Errors § Dangling Pointers § Stack Smashing § GCC Extension to Protect Stack-Smashing Attacks § Integer Vulnerabilities § Truncation § Sign Error § Pointer Subterfuge § Bugs with Pointers and Memory § Dynamic Memory Management § Double Free Vulnerability § Secure Memory Allocation Tips § Symmetric Encryption § Symmetric Encryption in C++ § Blowfish Algorithm in C § Public Key Cryptography § Public Key Cryptography in C++ § Networking § Creating an SSL Client in C++ § Creating an SSL Server § Random Number Generation Problem § Anti-Tampering o Anti-Tampering Techniques § Erasing Data from Memory Securely using C/C++ § Preventing Memory From Being Paged to Disk § Using Variable Arguments Properly § Signal Handling § Encapsulation in C++ § Best Practices for Input Validation § Code Profiling And Memory Debugging Tool: Valgrind § Viva64 Tool
Module 06: Secure Java and JSP Programming § Introduction to Java § The Java Programming Language § JVM § Bytecode Basics § Java Security § Access Control § Sandbox Model § Security Issues with Java § SQL Injection Attack § SQL Injection using UNION § Preventive Measures for SQL Injection § URL Tampering § Denial-of-Service (DoS) Attack on Applet § Sample Code for DoS Attack § DoS from Opening Untrusted Windows § Preventing DOS Attacks § .Class File Format § Byte Code Attack § Reverse Engineering/ Decompilation by Mocha § Obfuscation Tools: Jmangle § Cinnabar Canner § Byte Code Verifier § Class Loader § Building a SimpleClassLoader § Security Manager § jarsigner - JAR Signing and Verification Tool § Signing an Applet Using RSA-Signed Certificates § Signing Tools § Getting RSA Certificates § Bundling Java Applets as JAR Files § Signing Java Applets Using Jarsigner § Signing Java Applets Using Netscape Signing Tool § Security Extensions § Java Security Overview: Basic Security Architecture § Java Authentication and Authorization Service (JAAS) § Java Cryptographic Extension (JCE) § Java Cryptography Architecture § JCE: Pseudo Code for Encryption § JCE: Pseudo Code for Decryption § Java Cryptography Architecture (JCA) § Sample Code for Encryption and Decryption § Secure Communication § Java(TM) Secure Socket Extension (JSSE) § Creating Secure Client Sockets § Creating Secure Server Sockets § Choosing the Cipher Suites § Java GSS Security o Code for GSS Server o Code for GSS Client § Java Server Page (JSP) o Problem of Untrusted User Input o JSP Security Issues: Sensitive Data in GET Requests and Cookies o JSP Best Practices § Security with Untrusted User Input § Cross Site Scripting § Overcoming Cross Site Scripting Problem § Authentication in Java § Permissions in Java § How to create new types of permissions? 
§ Security Policy § Specifying an additional Policy File at runtime § Policy Tool o Policy Tool: Creating a new Policy File § Best practices for developing secure Java Code
Module 07: Secure Java Script and VB Script Programming § Script: Introduction § JavaScript Vulnerability § Cross-Site Scripting (XSS) § Cross-Site Scripting Attacks § Avoiding XSS § JavaScript Hijacking § Defending Against JavaScript Hijacking § Declining Malicious Requests § Prevent Direct Execution of the JavaScript Response § Malicious Script Embedded in Client Web Requests § Malicious Script Embedded in Client Web Requests: Effects § Malicious Script Embedded in Client Web Requests: Solution § Tool: Thicket Obfuscator for JavaScript § JavaScript Security in Mozilla o JavaScript Security in Mozilla: Same Origin Policy o Same Origin Check o JavaScript Security in Mozilla: Signed Script Policy § Netscape’s SignTool o Netscape’s SignTool: Signing a File § Privileges § Tool for Encryption: TagsLock Pro § JavaScript Shell (Jash): Javascript Command-Line Debugging Tool § Tool: Script Encoder § Tool: Scrambler § VBScript: CryptoAPI Tools § Signing A Script (Windows Script Host ) § Verifying a Script § Signature Verification Policy § Software Restriction Policies for Windows XP § Software Restriction Policies for Windows Vista and Server 2008 § Designing a Software Restriction Policy § Creating Additional Rules § Blocking Malicious Scripts § Rule for Blocking Malicious Scripts
Module 08: Secure Microsoft.NET Programming § Common Terminology § Microsoft .NET: Introduction § .NET Framework o .NET Framework Security Policy Model § Security Policy Levels § Security Features in .NET § Key Concepts in .NET Security § Code Access Security (CAS) § Using Code Access Security in ASP.NET § Steps to use CAS in ASP.NET Applications § Evidence-Based Security § Role-Based Security o Role-Based Security: Windows Principal o Role-Based Security: Generic principal § Declarative and Imperative Security § Cryptography § Generate Key for Encryption and Decryption § Symmetric Encryption in .Net § Asymmetric Encryption in .Net § Symmetric Decryption in .Net § Asymmetric Decryption in .Net § Protecting Client and Server Data Using Encryption Sample § Cryptographic Signatures § Writing a Signature in .Net § Verifying a Signature in .Net § Ensuring Data Integrity with Hash Codes § Hash Code Generation § Verification of Hash Code § Classes Implementing Public-key Encryption Algorithms § Security Checklist for .NET Framework § Permissions § Code Access Permissions § Identity Permissions § Role-Based Security Permissions § SkipVerification § SkipVerification Sample Code § Stack Walk § Writing Secure Class Libraries § Runtime Security Policy § Step-By-Step Configuration of Runtime Security Policies § Creating a Security Policy Deployment Package § Type Safety § Canonicalization § Access Control List Editor § Securing User Credentials and Logon Information § Obfuscation § Dotfuscator: .NET Obfuscator Tool § Administration Tool: Authorization Manager (AzMan) with ASP.Net § ASP.NET Security Architecture § Authentication and Authorization Strategies § URL Authorization § File Authorization § Windows Authentication § Forms Authentication § Passport Authentication § Custom Authentication § Implementing Custom Authentication Scheme § Security Checklist for ASP.NET o Design Considerations o Application Categories Considerations: • Auditing and Logging • Authentication–Forms 
• Authorization • Communication Security § Steps to Encrypt Configuration Sections in ASP.NET using DPAPI § Configuring Security with Mscorcfg.msc § Process Identity for ASP.NET § Impersonation § Impersonation Sample Code § Secure Communication § Storing Secrets § Options for Storing Secrets in ASP.NET § Web.config Vulnerabilities: o Default Error Message o Leaving Tracing Enabled in Web-Based Applications o Enabled Debugging o Cookies Accessible through Client-Side Script o Enabled Cookieless Session State o Enabled Cookieless Authentication o Failure to Require SSL for Authentication Cookies o Sliding Expiration o Non-Unique Authentication Cookie o Hardcoded Credential § Securing Session and View State § Web Form Considerations § Securing Web Services § Web Application Security Frame § Web Application Security Frame Threats, Attacks, and Countermeasures § Secure Remoting § Create a Remotable Object § Secure Data Access § Protecting ASP.NET from SQL Injection Attack § SQL Injection Example § Steps to Prevent Cross-Site Scripting in ASP.NET § .NET Security Tools § Code Access Security Policy Tool o Caspol.exe o Caspol.exe Parameters § Certificate Creation Tool: Makecert.exe
§ Options in Makecert.exe § Certificate Manager Tool: Certmgr.exe § Certificate Verification Tool: Chktrust.exe § Permissions View Tool: Permview.exe § PEVerify Tool: Peverify.exe § Options in Peverify.exe § List of Security Questions in ASP.NET § Best Practices for .NET Security
Module 09: Secure PHP Programming § Introduction to PHP (Hypertext Preprocessor) § PHP Security Blunders § Unvalidated Input Errors § Example of PHP Attack § Solution for Access Control Flaws § Solution for Session ID Protection § Error Reporting § Data Handling Errors § Security Sensitive PHP Functions: File Functions § Security Sensitive PHP Functions: ezmlm_hash § PHP Exploits o Forms and Data o Semantic URL Attacks o File Upload Attacks o Cross-Site Scripting (CSS/XSS) o Cross-Site Request Forgeries o Spoofed Form Submissions o Spoofed HTTP Requests o Sessions and Cookies o Cookie Theft o Exposed Session Data o Session Fixation o Session Hijacking § PHP Vulnerabilities o Informational Vulnerabilities o Common File Name Vulnerability o Revealed Source Code Vulnerability o Revealing Error Message Vulnerability o Sensitive Data in Web Root Vulnerability o Session File in Shared Server Vulnerability o Sensitive Data in Globally Readable File Vulnerability o Revealing HTML Comment Vulnerability o Web Application Fingerprint Vulnerability o Packet Sniffing Vulnerability o Attack Vulnerabilities o Global Variable Vulnerability o Default Password Vulnerability o Online Backup Vulnerability § Common PHP Attacks § Remote Code Execution § Cross-Site Scripting Attack (CSS) § Cross Site Scripting Attack: Example § Cross-Site Request Forgeries (CSRF, Sea-Surf or XSRF) § Workaround for Cross-Site Request Forgeries § SQL Injection § Defending SQL Injection Attacks § PHP Configuration Attacks § Preventing PHP Configuration Attacks § File System Attacks § Defending File System Attacks § Information Gathering Attacks § PHP Injection Attacks § Ten PHP Best Practices § Secure PHP Practices o Safe Mode o Disable Register Globals o Validating Input o PHP Input Filter Class § PHP Encoders o Acunetix Web Vulnerability Scanner o Encryption Software: PHP Code Lock o Zend Guard o POBS (PHP Obfuscator/Obscurer) o eAccelerator § Best Practices for PHP Security
Module 10: Securing Applications from Bots § Bots § Botnet § The Botnet Life Cycle § Botnet Threats § Robots.txt o Creating “robots.txt” file § Blocking Bad Bots and Site Rippers § Protecting Web Application Forms from Spam Bots o CAPTCHA § Advantages of CAPTCHA o Anti-Spam Security Question o Menu Option Matching o Honeypot Spam Trap o Input Length Regulation § Guidelines to Protect Network from Bots § Bot Detection Tool: BotHunter § Cyber Clean Center § Structure of Cyber Clean Center
Module 11: Secure SQL Server Programming § Introduction § SQL Server Security Model o SQL Server Security Model: Login § Creating an SQL Server Login § Database User § Guest User § Permissions § Database Engine Permissions Hierarchy § Roles o Public Role o Predefined Roles § Fixed Server Roles § Fixed Database Roles § User-Defined Roles § Application roles § Security Features of MS-SQL Server 2005 § Added Security Features in MS-SQL Server 2008 § SQL Server Security Vulnerabilities: o Buffer Overflow in pwdencrypt() o Extended Stored Procedures Contain Buffer Overflows § SQL Injection Attacks § Prevent SQL Injection Attacks § Sqlninja: o SQL Server Injection & Takeover Tool o Finding Target § Data Encryption § Built-in Encryption Capabilities § Encryption Keys § Encryption Hierarchy § Transact-SQL § Create Symmetric Key in T-SQL § Create Asymmetric Key in T-SQL § Certificates § Create Certificate in T-SQL § SQL Server Security: Administrator Checklist § Database Programming Best Practices § SQL Server Installation: o Authentication o Authorization § Best Practices for Database Authorization § Auditing and Intrusion Detection § Enabling Auditing § Database Security Auditing Tools: o AppDetectivePro o NGSSquirrel o AuditPro
Module 12: SQL Rootkits § Rootkits § SQL Server Rootkit § Threats of SQL Rootkits § Evolution of SQL Rootkits § How a Rootkit Works § SQL Server 2000 o Rootkit Attack on SQL Server 2000 o Screenshot: Password Tampering § SQL Server 2005 o Step 1: Copy and attach the hidden resource database o Step 2: Login via Dedicated Administrator Connection (DAC) o Step 3: Alter the sys.server_principals View Script o Step 4: Introduce the Rootkit § Detecting SQL Server Rootkits § Rootkit Detection Tool o DB Audit o ApexSQL Audit o Audit DB o DbProtect
Module 13: Secure Application Testing § Software Development Life Cycle (SDLC) § Introduction to Testing § Types of Testing § White Box Testing § Types of White Box Testing § Dynamic White-Box Testing § Integration Test § Regression Testing § System Testing § Black Box Testing § Load Testing § Strategies For Load Testing § Functional Testing § Testing Steps § Creating Test Strategy § Creating Test Plan § Creating Test Cases and Test Data § Executing, Bug Fixing and Retesting § Classic Testing Mistakes § User Interface Errors § Good User Interfaces § Using Automatic Testing and Tools § Generic Code Review Checklist § Software Testing Best Practices § Testing Tool: o QEngine o LoadRunner § Real Time Testing
Module 14: VMware Remote Recording and Debugging § Remote Debugging § Recording Debugging Process § Security Issues in Remote Recording and Debugging § The Eclipse Integrated Virtual Debugger o Introduction o Overview o Eclipse Launch Configurations o Setting Up the Eclipse Integrated Virtual Debugger Environment o Managing Virtual Machine Launch Configurations § Application Configurations to Start Applications in a Virtual Machine o Steps to Create, Duplicate, or Edit a Launch Configuration to Start an Application in a Virtual Machine § Application Configurations to Attach to Applications Running in a Virtual Machine o Steps to Create, Duplicate, or Edit a Configuration that Attaches to a Running Application in a Virtual Machine o Steps to Delete Configurations o Running and Debugging Applications in Virtual Machines o Steps to Start an Application Debugging Session in a Virtual Machine o Steps to Start an Application in a Virtual Machine Without Debugging o Steps to Attach the Debugger to an Application Running in a Virtual Machine § Visual Studio Integrated Virtual Debugger o Overview o Configuration Options When Starting an Application in a Virtual Machine o Configuration Options When Attaching to a Process Running in a Virtual Machine o Setting Up the Visual Studio Integrated Virtual Debugger Environment § Managing Virtual Machine Configurations o Creating Configurations o Setting Configuration Properties o Setting Virtual Machine Properties o Running and Debugging Applications in Virtual Machines o Starting a Debugging Session in a Virtual Machine o Starting a Session Without Debugging in a Virtual Machine o Attaching the Debugger to a Process Running in a Virtual Machine
Module 15: Writing Secure Documentation and Error Messages § Error Message § Common Error Messages § Error Messages: Categories § Good Error Message § Error Message in a Well-designed Application § Good Error Message Example § Miscommunication in Error Messages § Error Message Usability Checklist § Guidelines For Creating Effective Error Messages § Best Practices while Designing Error Messages § Error Messages: Examples § Security Issues in an Error Message § Security Precautions in Documentation
Module 16: Secure ASP Programming § ASP: Introduction § Improving ASP Design § Using Server-Side Includes (SSI) o Using Server Side Includes (SSI) with ASP o Using Server-Side Includes: Example o Using Server-Side Includes: Protecting the Contents of Include Files § Taking Advantage of VBScript Classes § Using Server.Execute § Using Server.Transfer § #include Directive § .BAK Files on the Server § Detecting Exceptions with Scripting Language Error-Handling Mechanisms § Using VBScript to Detect an Error § Using Jscript to Detect an Error § Notifying the Support Team When an Error Occurs Using CheckForError § Attacks on ASP § Insufficient Validation of Fields in SQL queries § ASP DypsAntiSpam: A CAPTCHA for ASP § Preventing Automatic Submission With DypsAntiSpam § CAPTCHA: Examples § Using Database and ASP Sessions to Implement ASP Security § Step 1: Create A User Database Table § Step 2: Create And Configure The Virtual Directory § Step 3: Create The Sample Pages § Step 4: Add Validation Code To Pages § Protecting ASP Pages § Encoding ASP Code: Script Encoder § Protecting Passwords of ASP Pages with a One-way Hash Function § ASP Best Practices § ASP Best Practices: Error Handling
Module 17: Secure PERL Programming § Introduction: PERL § Common Terminology § Security Issues in Perl Scripts § Basic User Input Vulnerabilities § Overcoming Basic User Input Vulnerabilities § Insecure Environmental Variables § Algorithmic Complexity Attacks § Perl: Taint, Strict, and Warnings § Taint Mode § How Does Taint Mode Work? § Taint Checking § Using Tainted Data § Securing the Program Using Taint § Strict Pragma § Setuid Command o Setuid Sample Code o Authenticating the user with setuid o Security bugs with Setuid § The Perl crypt() Function § Logging Into a Secure Web Site with Perl Script § Secure Log-in Checklist § Program for Secure Log-in § Securing open() Function § Unicodes § Displaying Unicode As Text
Module 18: Secure XML, Web Services and AJAX Programming § Web Application and Web Services § Web Application Vulnerabilities o Coding Errors o Design Flaws § XML- Introduction § XSLT and XPath § XML Signature o Applying XML Signatures to Security § An Enveloped, Enveloping and Detached XML Signature Simultaneously § XML Encryption o The abstract <Encrypted-Type> Element § Security Considerations for the XML Encryption Syntax § Canonicalization § Validation Process in XML § XML Web Services Security § XML-aware Network Devices Expand Network Layer Security § Security of URI in XML § Security of Opaque Data in XML § XML Web Services Security Best Practices § XML Tools o Stylus Studio® 2010 XML Enterprise Suite o V-Sentry o Vordel SOAPbox § AJAX o AJAX- Introduction o Anatomy of an AJAX Interaction (Input Validation Example) o AJAX: Security Issues o How to Prevent AJAX Exploits o Tool: HTML Guardian ™ o Tool: Sprajax- AJAX Security Scanner
o HP WebInspect Software
Module 19: Secure RPC, ActiveX and DCOM Programming § RPC Introduction § RPC Authentication § RPC Authentication Protocol § NULL Authentication § UNIX Authentication § Data Encryption Standard (DES) Authentication o Data Encryption Standard (DES) Authentication on Server Side § Diffie-Hellman Encryption § Security Methods § Security Support Provider Interface (SSPI) § Security Support Providers (SSPs) o Writing an Authenticated SSPI Client o Writing an Authenticated SSPI Server § Secure RPC Protocol § RpcServerRegisterAuthInfo Prevents Unauthorized Users from Calling your Server § RPC Programming Best Practices § Make RPC Function Calls o Making RPC Function Calls: Using Binding Handles o Making RPC Function Calls: Binding Handles and Protocol Sequence § Using Context Handles § RPC and the Network § Write a Secure RPC Client or Server § ActiveX Programming: Introduction § Preventing Repurposing § SiteLock Template o SiteLock Template: Implementation Guide for ATL Controls § IObjectSafety Interface § Code Signing o Creating a Code Signing Certificate and Signing an ActiveX Component in Windows § Protecting ActiveX Controls § DCOM: Introduction § Security in DCOM § Application-Level Security § Security by Configuration § Programmatic Security § Run As a Launching User § Run As an Interactive User § Run As a Specific User § Security Problem on the Internet § Security on the Internet § Heap Overflow Vulnerability § Workarounds for Heap Overflow Vulnerability § Tool: DCOMbobulator § DCOM Security Best Practices
Module 20: Secure Linux Programming § Introduction § Open Source and Security § Linux – Basics § Linux File Structure § Basic Linux Commands § Linux Networking Commands § Linux Processes § POSIX Capabilities § UTF-8 Security Issues § UTF-8 Legal Values § Secure Linux Programming Advantages o Security Audit o Communication o Encryption o Identification and Authentication o Security Management § Requirements for Security Measure Assurance § Enabling Source Address Verification § Linux iptables and ipchains § Code to save the ip6tables state § Controlling Access by MAC Address § Permitting SSH Access Only § Network Access Control § Layers of Security for Incoming Network Connections § Prohibiting Root Logins on Terminal Devices § Authentication Techniques § Authorization Controls § Running a Root Login Shell § Protecting Outgoing Network Connections § Logging in to a Remote Host § Invoking Remote Programs § Copying Remote Files § Public-key Authentication between OpenSSH Client and Server § Authenticating in Cron Jobs § Protecting Files § File Permissions § Shared Directory § Encrypting Files § Listing the Keyring § Signing Files § Encrypting Directories § POP/IMAP Mail Server § Testing an SSL Mail Connection § Securing POP/IMAP with SSL and Pine § SMTP Server § Testing and Monitoring § Testing Login Passwords (John the Ripper) § Testing Login Passwords (CrackLib) § Testing Search Path § Searching Filesystems Effectively § Finding Setuid (or Setgid) Programs § Securing Device Special Files § Looking for Rootkits § Tracing Processes § Observing Network Traffic § Detecting Insecure Network Protocols § Detecting Intrusions with Snort § Log Files (syslog) § Testing a Syslog Configuration § Logwatch Filter § Structure Program Internals and Approach § Minimize Privileges Sample Code § Filter Cross-Site Malicious Content on Input § Filter HTML/URIs that may be Re-Presented § Avoid Buffer Overflow § Language-Specific Issues: o C/C++ o Sample Codes o Perl o Ada o Java
o Tcl o Tcl Sample Code o PHP § Linux Application Auditing Tool: grsecurity
Module 21: Secure Linux Kernel Programming § Introduction § Building a Linux Kernel § Procedures to Follow Post-Build § Linux Kernel Configuration Menu § Compiling a Linux Kernel
Module 22: Secure Xcode Programming § Introduction to Xcode § Mac OS X applications § Cocoa § Carbon § AppleScript § Script Editor § Script Window § Common Data Security Architecture § CDSA § Secure Transport API Set and Cryptographic Service Provider (CSP) § Creating SSL Certificate on Mac OS X Server § Using SSL with the Web Server § Setting up SSL for LDAP § Protecting Security Information § Security in Mac OS X § Security Management Using System Preferences § Authentication Methods § Encrypted disk images § Networking Security Standards § Personal firewall § Checklist of recommended steps required to secure Mac OS X
Module 23: Secure Oracle PL/SQL Programming § Introduction: PL/SQL § PL/SQL in Oracle Server § Security Issues in Oracle § SQL Injection Attacks § Defending Against SQL Injection Attacks § SQL Manipulation § Code Injection Attack § Function Call Injection Attack § Buffer Overflow and Other Vulnerabilities § DBMS_SQL in PL/SQL § Protecting DBMS_SQL in PL/SQL § Types of Database Vulnerabilities/ Attacks § Establishing Security Policies § Password Management Policy o Password Management policy: Password History § Auditing Policy § Oracle Policy Manager § Oracle Label Security (OLS) § Create an Oracle Label Security Policy o Step 1: Define the Policy o Step 2: Define the Components of the Labels o Step 3: Identify the Set of Valid Data Labels o Step 4: Apply Policy to Tables and Schemas o Step 5: Authorize Users o Step 6: Create and Authorize Trusted Program Units (Optional) o Step 7: Configure Auditing (Optional) § Using Oracle Label Security with a Distributed Database § Oracle Identity Management § Security Tools § Oracle Secure Backup Tool § Obfuscation § Obfuscation Sample Code § Encryption Using DBMS_CRYPTO § Advanced Security Option § Row Level Security § Oracle Database Vaults: Tool § Auditing § Auditing Methods § Audit Options § View Audit Trail § Fine-Grained Auditing (FGA) § Oracle Auditing Tools § Testing PL/SQL Programs § SQL Unit Testing Tools o SPUnit o TSQLUnit o utPLSQL § Steps to Use utPLSQL
Module 24: Secure Network Programming § Basic Network Concepts: o Network o Protocols o Client Server Model § Basic Web Concepts § Network Programming § Benefits of Secure Network Programming § Network Interface § Securing Sockets: o Server Program o Client Program § Ports § UDP Datagram and Sockets § Internet Address § Connecting to secure websites § URL Decoder § Reading Directly from a URL § Content Handler § Cookie Policy § RMI Connector § .Net : Internet Authentication § Network Scanning Tool: Security Manager Plus § Network Programming Best Practices
Module 25: Windows Socket Programming § Introduction to Windows Sockets § Windows NT and Windows 2000 Sockets Architecture § Socket Programming § Client-Side Socket Programming o The Socket Address Structure § The Socket Address Structure Code Analysis § Initializing a Socket and Connecting § Server-Side Socket Programming § Creating a Server § Winsock 2.0 § Winsock Linking Methods § Starting a Winsock 2 API § Accepting Connections: o AcceptEx § WinSock: TransmitFile and TransmitPackets § Grabbing a Web Page Using Winsock § Generic File – Grabbing Application § Writing Client Applications § TCP Client Application Sample Code § Writing Server Applications § TCP Server Application Sample Code § Winsock Secure Socket Extensions § WSADeleteSocketPeerTargetName § WSAImpersonateSocketPeer § WSAQuerySocketSecurity § WSARevertImpersonation § WSASetSocketPeerTargetName § WSASetSocketSecurity Function § SOCKET_SECURITY_SETTINGS § Using WinSock to Execute a Web Attack § Using Winsock to Execute a Remote Buffer Overflow § MDACDos Application
Module 26: Writing Shellcodes § Shellcode Introduction § Shellcode Development Tools § Remote Shellcode § Port Binding Shellcode § FreeBSD Port Binding Shellcode § Clean Port Binding Shellcode o Clean Port Binding Shellcode: sckcode § Socket Descriptor Reuse Shellcode o Socket Descriptor Reuse Shellcode in C o Socket Descriptor Reuse Shellcode: Sample Code § Local Shellcode § execve § Executing /bin/sh § Byte Code § setuid Shellcode § chroot Shellcode § Breaking of chroot jails in Traditional Way § Breaking Out of Chroot Jails on Linux Kernels § Windows Shellcode § Shellcode Examples § Steps to Execute Shell Code Assembly § The Write System Call § Linux Shellcode for “Hello, world!” § The Write System Call in FreeBSD § execve Shellcode in C § FreeBSD execve jmp/call Style § FreeBSD execve Push Style § FreeBSD execve Push Style, Several Arguments § Implementation of execve on Linux § Linux Push execve Shellcode § System Calls § The Socket System Call o The Socket System Call: Sample Code Analysis § The Bind System Call § The Listen System Call § The Accept System Call o The Accept System Call: Sample Code § The dup2 System Calls § The execve System Call § Linux Port Binding Shellcode § Compile, Print, and Test Shellcode § Reverse Connection Shellcode § Socket Reusing Shellcode § Linux Implementation of Socket Reusing Shellcode § Reusing File Descriptors § Using the setuid Root o Executing the setuid Program o System calls used by the setuid Root program § Using ltrace utility § Using GDB § Assembly Implementation § SysCall Trace § RW Shellcode § Encoding Shellcode § Decoder Implementation and Analysis § Decoder Implementation Program § Results of Implementation Program § OS-Spanning Shellcode § Assembly Creation
Module 27: Writing Exploits § Introduction § Targeting Vulnerabilities § Remote and Local Exploits § A Two-Stage Exploit § Format String Attacks o Example of a Vulnerable Program § Using %n Character § Fixing Format String Bugs § User-Supplied Format String Vulnerability CVE-2000-0763 in xlockmore § TCP/IP Vulnerabilities § Race Conditions § File Race Conditions § Signal Race Conditions § Input Validation Error in man Program § Input Validation Error in man Program (Snippet 1) § Input Validation Error in man Program (Snippet 2) § Writing Exploits and Vulnerability Checking Programs o Writing Exploits and Vulnerability Checking Programs Sample Code § Stack Overflow Exploits § Memory Organization § Stack Overflows § Finding Exploitable Stack Overflows in Open-Source Software § Finding Exploitable Stack Overflows in Closed-Source Software § Heap Corruption Exploits § Doug Lea Malloc § Dlmalloc Chunk § Freed Dlmalloc Chunk § Vulnerable Program Example § Figures: Fake Chunk, Overwritten Chunk § OpenSSL SSLv2 Malformed Client Key Remote Buffer Overflow Vulnerability CAN-2002-0656 § Exploitation § Exploitation Sample Code § The Complication § Improving the Exploit § Integer Bug Exploits § Integer Wrapping § Program: Addition-Based Integer Wrapping § Multiplication-Based Integer Wrapping § Bypassing Size Checks o Unsigned Size Check Without Integer Wrapping o Signed Size Check Without Integer Wrapping § Using the Metasploit Framework § Determining Attack Vector § Finding the Offset: Overwriting the Return Address § The First Attack String § Overwriting EIP with a Known Pattern § Selecting a Control Vector § Finding a Return Address § Selecting the Search Method in the Metasploit Opcode Database § Search Method in Metasploit Opcode Database § Using the Return Address: o Inserting the Return Address o Verifying Return Address Reliability § Nop Sleds: Increasing Reliability with a Nop Sled § Choosing a Payload and Encoder o Listing Available Payloads o Determining Payload Variables o Generating the Payload o msfencode Options § List of Available Encoders § Choosing a Payload and Encoder: msfencode Results § msfweb Payload Generation § Setting msfweb Payload Options § msfweb Generated and Encoded Payload § Integrating Exploits into Framework
Module 28: Programming Port Scanners and Hacking Tools § Port Scanner § Simple Port Scanners o Prerequisites for Writing a Port Scanner o Port Scanner in C++ o Port Scanner in C# o Building a Simple Port Scanner in VC++ o Port Scanner in Java o Example JavaScript Port Scanner o Port Scanner in ASP.Net o Port Scanner in Perl o Port Scanner in PHP o UDP Port Scanning in PHP o UDP Port Scanner in XML § libpcap o Capturing Packets § Packet Capturing Example § Saving Captured Packets to a File § The wiretap Library § Adding a new file format to the wiretap library § wtap Struct § Creating a New Dissector § Programming the Dissector § Adding a tap Module § Nessus Attack Scripting Language (NASL) § Writing Personal-Use Tools in NASL § Programming in the Nessus Framework § Porting to and from NASL o Porting to NASL o Porting from NASL § Metasploit Framework (MSF) § msfweb Interface § Selecting the Exploit Module § msfconsole Interface o Using msfconsole Interface o Executing an Exploit using msfconsole § msfcli Interface o Using the msfcli Interface § Updating the MSF § Writing Basic Rules § The Rule Header § Rule Options § Writing Advanced Rules: Perl-Compatible Regular Expressions (PCRE) § Byte_test and Byte_jump Functions § Optimizing Rules § Testing Rules § Writing Detection Plugins § Netcat Source Code
Module 29: Secure Mobile Phone and PDA Programming § Mobile Phone Programming § Different OS Structure in Mobile Phone § Symbian Operating System § Guidelines for Securing Symbian OS § PalmOS § PalmOS Vulnerabilities § HotSync Vulnerability § Creator ID Switching § Windows Mobile § Calling Secure Web Services § Security Practices for Windows Mobile Programming § Comparison of Common Programming Tasks § PDA Programming § PDA Security Issues § Security Policies for PDAs § PDA Security Products § PDA Security Vendors § Java Platform, Micro Edition (Java ME) § Java ME Architecture § Java ME Security Issues § CLDC Security § Mobile Information Device Profile (MIDP) § MIDP Security § Programming the BlackBerry With Java ME § Security and Trust Services API (SATSA) for Java ME: The Security APIs § Certificate Enrollment in SATSA § Generating a Private Key and Certificate Signing Request in SATSA § Verifying the CSR § Storing a Certificate into the Certificate Local Store § Data Integrity with Message Digests § Generating a Message Digest § Verifying a Message Digest § Authentication With Digital Signatures § Signing a byte Array for Authentication Purposes § Verifying a Digital Signature using SATSA § Data Confidentiality - Using Ciphers for Data Encryption § Using Cipher to Encrypt Data using a Symmetric Encryption § Using Cipher to Decrypt Data using a Symmetric Encryption § Security Issues in Bluetooth § Security Attacks in Bluetooth Devices § Bluetooth Security § Bluetooth Security: Key Management § Tool: Bluekey § Tool: BlueWatch § Tool: BlueSweep § Tool: Bluediving § Tool: Smartphone Security Client § Tool: BlueFire Mobile Security Enterprise Edition § Mobile Phone Security Tips § Defending Cell Phones and PDAs Against Attack § Antivirus Tools for Mobile Devices § F-Secure Antivirus for Palm OS
Module 30: Secure Game Designing § Game Designing Introduction § Type of Games: o Console Games o Mobile Games o Online Games o Off-line Games o Wii Games § Threats to Online Gaming § Threats to Online Gaming: Cheating § Multimedia Fusion Screenshot § Adventure Game Studio Screenshot § Game Maker Screenshot § FPS Creator Screenshot § Stagecast Creator Screenshot § RPG Maker XP Screenshot § The Scrolling Game Development Kit § Visual3D.NET Screenshot § Game Engine § Best Practices for Secure Game Designing § Summary
Module 31: Securing E-Commerce Applications § Purpose of Secure E-Commerce Application § E-Business Concepts: Secure Electronic Transaction (SET) § Using SET § Secure Socket Layer (SSL) § SSL Certificates § VeriSign SSL Certificates § Entrust SSL Certificates § Digital Certificates § Digital Signature § Digital Signature Technology § Digital Signature Algorithm: o Signature Generation/Verification o ECDSA, ElGamal Signature Scheme § Guidelines for Developing Secure E-Commerce Applications
Module 32: Software Activation, Piracy Blocking and Automatic Updates § Software Activation: Introduction § Software Activation Process § Process of Software Activation § Software Activation: Advantages § Activation Explained § Online License Management Server § Activation Policies § Policy Control Parameters § Piracy § The Effects of Piracy § Piracy Blocking § Digital Rights Management (DRM) § Software Piracy Protection Strategies § Copy Protection for DVD § Application Framework – DVD Copy Protection System § Content Protection During Digital Transmission § Watermark System Design Issues § Cost Effectiveness § False Positives Rate § Interaction with MPEG compression § Detector Placement § Copy Generation Management § Tool: Crypkey § EnTrial Key Generation § EnTrial Distribution File § EnTrial Product & Package Initialization Dialog § Windows Automatic Updates § Options for Setting up Windows Automatic Updates on XP § Automatic Updates Option on AVG Antivirus § Automatic Updates for Internet Explorer § Automatic Updates for Mozilla Firefox
Module 33: PCI Compliance and Secure Programming § What is PCI compliance § PCI Data Security Standard § PCI web application requirements § OWASP top 10 vulnerabilities § Avoiding Injection Flaws § Avoiding XSS flaws § Avoiding broken authentication and session management § Avoiding insecure direct object references § Avoiding CSRF flaws § Avoiding security misconfiguration § Avoiding URL access control flaws § Avoiding unvalidated redirects and forwards § Avoiding insecure cryptographic storage § Avoiding insufficient transport layer protection
|