"Charting the Course ...

18 Nov 2013









Due to the nature of this material, this document refers to numerous hardware and software products by their trade names. References to other companies and their products are for informational purposes only, and all trademarks are the properties of their respective companies. It is not the intent of ProTech Professional Technical Services, Inc. to use any of these names generically.


PT7656_ECCOUNCILCERTIFIEDSECUREPROGRAMMER.DOC



"Charting the Course ...

... to Your Success!"


EC-Council Certified Secure Programmer


Course Summary


Description


The Certified Secure Programmer and Certified Secure Application Developer programs will ensure that
programmers and developers are exposed to the inherent security drawbacks in various
programming languages
or architectures. They will be further trained to exercise secure programming practices to overcome these
inherent drawbacks in order to preempt bugs from the code.

Certified Secure Programmer lays the basic foundation required by all application developers and development organizations to produce applications with greater stability and fewer security risks to the consumer. The Certified Secure Application Developer standardizes the knowledge base for application development by incorporating the best practices followed by experienced experts in the various domains.


The distinguishing aspect of ECSP and CSAD is that, unlike vendor- or domain-specific certifications, they expose the aspirant to various programming languages from a security perspective. This drives greater appreciation for the platform / architecture / language one specializes in, as well as an overview of related ones.


Topics



Introduction to Secure Coding


Designing Secure Architecture


Cryptography


Buffer Overflows


Secure C and C++ Programming


Secure Java and JSP Programming


Secure Java Script and VB Script
Programming


Secure ASP Programming


Secure Microsoft.NET Programming


Secure PHP Programming


Secure PERL Programming


Secure XML, Web Services and AJAX Programming


Secure RPC, ActiveX and DCOM
Programming


Secure Linux Programming


Secure Linux Kernel Programming


Secure Xcode Programming


Secure Oracle PL/SQL Programming


Secure SQL Server Programming


Secure Network Programming


Windows Socket Programming


Writing Shellcodes


Writing Exploits


Programming Port Scanners and Hacking
Tools


Secure Mobile phone and PDA
Programming


Secure Game Designing


Securing E-Commerce Applications


Software Activation, Piracy Blocking and
Automatic Updates


Secure Application Testing


Writing Secure Documentation and Error Messages



Audience


This course is designed for programmers and application developers.


Duration


Five days












Course Outline



I.

Introduction to Secure Coding

A.

Secure Coding

B.

Common Security Mistakes

C.

Why Security Mistakes Are Made

D.

Need for Secure Programming

E.

Building Blocks of Software Security

F.

Types of Security Vulnerabilities

G.

Vulnerability Cycle

H.

Types of Attacks

I.

Hackers and Attackers

J.

Risk Assessment and Threat Modeling

K.

STRIDE Threat Model

L.

Common Criteria

M.

Security Architecture

N.

Security Principles

O.

Secure Development Checklists

P.

Use of Privilege


II.

Designing Secure Architecture

A.

Introduction to Secure Architecture

B.

Application Security

C.

Factors Affecting Application Security

D.

Software Engineering and System Development Life Cycle (SDLC)

E.

Software Development Life Cycle (SDLC)
Phases

F.

Software Methodology Models

G.

Agile Methodologies

H.

Extreme Programming (XP)

I.

Unified Modeling Language (UML)

J.

Vulnerabilities and Other Security Issues in Software Applications

K.

Security Through Obscurity

L.

Buffer Overflows

M.

Format String Vulnerabilities and Race
Conditions

N.

Locking Problems

O.

Exception Handling

P.

Fundamentals of Control Granularity

Q.

Fail Safe Design Strategies Concepts

R.

Input and Parameter Validation

S.

Encrypting Secrets in Memory and Storage

T.

Scrubbing Information

U.

Privilege Levels for Information Access

V.

Loose Coupling

W.

High Cohesion

X.

Change Management and Version Control

Y.

Software Development Best Practices


III.

Cryptography

A.

Introduction to Cryptography

B.

Encryption

C.

Decryption

D.

Use of Cryptography

E.

Classical Cryptographic Techniques

F.

Modern Cryptographic Techniques

G.

Cipher

H.

RSA (Rivest Shamir Adleman)

I.

Example: RSA Algorithm

J.

RSA Attacks

K.

Implementing RSA in C++

L.

Data Encryption Standard (DES)

M.

DES Overview

N.

Implementation of DES in Java

O.

RC4, RC5, RC6, Blowfish Overview

P.

RC5

Q.

Blowfish Algorithm in C

R.

Message Digest Functions

S.

One-way Hash Functions

T.

MD5

U.

Implementing MD5 in Java

V.

Secure Hash Algorithm

W.

Implementing SHA in Java

X.

SSL (Secure Sockets Layer)

Y.

What is SSH?

Z.

Algorithms and Security

AA.

Disk Encryption

BB.

Government Access to Keys (GAK)

CC.

Digital Signature

DD.

Components of a Digital Signature

EE.

Method of Digital Signature Technology

FF.

Use of Digital Signature

GG.

Digital Signature Standard

HH.

Digital Signature Algorithm: Signature
Generation/Verification

II.

Digital Signature Algorithms: ECDSA, ElGamal Signature Scheme

JJ.

Challenges and Opportunities

KK.

Digital Certificates

LL.













MM.

Creating and Verifying a Simple
XML Digital Signature in C#

NN.

Cleversafe Grid Builder

OO.

Pretty Good Privacy

PP.

CypherCalc

QQ.

Command Line Scriptor

RR.

CryptoHeaven

SS.

Cryptanalysis

TT.

Cryptography Attacks

UU.

Brute-Force Attack

VV.

The distributed.net Organization

WW.

Summary


IV.

Buffer Overflows

A.

Buffer Overflows

B.

Reasons for Buffer Overflow Attacks

C.

Why Are Programs/Applications Vulnerable?

D.

Understanding Stacks

E.

Understanding Heaps

F.

Stack-based Buffer Overflow

G.

Heap-based Buffer Overflow

H.

How to Detect Buffer Overflows in a
Program

I.

Attacking a Real Program

J.

Defense Against Buffer Overflows

K.

Return Address Defender (RAD)

L.

Tool to Defend Buffer Overflow: StackGuard

M.

Tool to Defend Buffer Overflow: Immunix
System

N.

Vulnerability Search - ICAT

O.

Valgrind

P.

Insure++

Q.

Buffer Overflow Protection Solution: Libsafe

R.

Comparing Functions of libc and Libsafe

S.

Simple Buffer Overflow in C

T.

Code Analysis

U.

Summary


V.

Secure C and C++ Programming

A.

Introduction of C/C++

B.

Vulnerable C/C++ Functions

C.

C/C++ Vulnerabilities

D.

GCC Extension to Protect Stack-Smashing Attacks

E.

Heap-Based Buffer Overflow

F.

Off By One/Five Errors

G.

Free Vulnerability

H.

Secure Memory Allocation Tips

I.

Symmetric Encryption

J.

Blowfish Algorithm in C

K.

Public Key Cryptography

L.

Networking

M.

Creating an SSL Client in C++

N.

Creating an SSL Server

O.

Random Number Generation Problem

P.

Random Number API

Q.

Anti-Tampering

R.

Erasing Data from Memory Securely Using
C/C++

S.

Preventing Memory From Being Paged to Disk

T.

Using Variable Arguments Properly

U.

Signal Handling

V.

Encapsulation in C++

W.

Best Practices for Input Validation

X.

Code Profiling And Memory Debugging Tool: Valgrind

Y.

Summary


VI.

Secure Java and JSP Programming

A.

Introduction to Java

B.

Java Virtual Machine (JVM)

C.

Java Security

D.

Sandbox Model

E.

Security Issues with Java

F.

SQL Injection Attack

G.

Preventive Measures for SQL Injection

H.

URL Tampering

I.

Denial-of-Service (DoS) Attack on Applet

J.

DoS from Opening Untrusted Windows

K.

Preventing DOS Attacks

L.

Class File Format

M.

Byte Code Attack

N.

Reverse Engineering/ Decompilation by
Mocha

O.

Obfuscation Tools: Jmangle

P.

Cinnabar Canner

Q.

Byte Code Verifier

R.

Class Loader

S.

Building a SimpleClassLoader

T.

Security Manager

U.

jarsigner - JAR Signing and Verification Tool












V.

Signing an Applet Using RSA-Signed Certificates

W.

Signing Tools

X.

Getting RSA Certificates

Y.

Bundling Java Applets as JAR Files

Z.

Signing Java Applets Using Jarsigner

AA.

Signing Java Applets Using Netscape Signing Tool

BB.

Security Extensions

CC.

Java Authentication and Authorization
Service (JAAS)

DD.

Java Cryptographic Extension (JCE)

EE.

Java(TM) Secure Socket Extension (JSSE)

FF.

Creating Secure Client Sockets

GG.

Creating Secure Server Sockets

HH.

Choosing the Cipher Suites

II.

Java GSS Security

JJ.

Security From Untrusted User Input

KK.

Cross Site Scripting

LL.

Overcoming Cross Site Scripting Problem

MM.

Permissions in Java

NN.

How to create new types of permissions?

OO.

Security Policy

PP.

Specifying an additional Policy File at
runtime

QQ.

Policy Tool

RR.

Best practices for developing secure Java Code

SS.

Summary


VII.

Secure Java Script and VB Script
Programming

A.

Script: Introduction

B.

JavaScript Vulnerability

C.

XSS Attacks

D.

Avoiding XSS?

E.

JavaScript Hijacking

F.

Defending Against JavaScript Hijacking

G.

Decline Malicious Requests

H.

Prevent Direct Execution of the JavaScript Response

I.

Malicious Script Embedded in Client Web
Requests

J.

Malicious Script Embedded in Client Web
Requests: Effects

K.

Malicious Script Embedded in Client Web
Requests: Solution

L.

Tool: Thicket Obfuscator for JavaScript

M.

JavaScript Security in Mozilla

N.

Netscape's SignTool

O.

Privileges

P.

Tool for Encryption: TagsLock Pro

Q.

Jash: Javascript Command-Line Debugging Tool

R.

Tool: Script Encoder

S.

Tool: Scrambler

T.

VBScript: CryptoAPI Tools

U.

Signing A Script (Windows Script Host)

V.

Verifying a Script

W.

Signature Verification Policy

X.

Software Restriction Policies for Windows
XP

Y.

Designing a Software Restriction Policy

Z.

Creating Additional Rules

AA.

Blocking Malicious Scripts

BB.

Summary


VIII.

Secure ASP Programming

A.

ASP - Introduction

B.

Improving ASP Design

C.

Using Server-Side Includes

D.

Taking Advantage of VBScript Classes

E.

Using Server.Execute

F.

Using Server.Transfer

G.

The #include Directive

H.

BAK Files on the Server

I.

Programming Errors

J.

Detecting Exceptions with Scripting Language Error-Handling Mechanisms

K.

Using VBScript to Detect an Error

L.

Using Jscript to Detect an Error

M.

Notifying the Support Team When an Error
Occurs Using CheckForError

N.

Attacks on ASP

O.

ASP DypsAntiSpam: A CAPTCHA for ASP

P.

Preventing Automatic Submission With
DypsAntiSpam

Q.

CAPTCHA: Examples

R.

Using Database and ASP Sessions to Implement ASP Security

S.

Step 1: Create A User Database Table












T.

Step 2: Create And Configure The Virtual
Directory

U.

Step 3: Create The Sample Pages

V.

Step 4: Add Validation Code To Pages

W.

Protecting Your ASP Pages

X.

Encoding ASP Code: Script Encoder

Y.

Protecting Passwords of ASP Pages with a One-way Hash Function

Z.

ASP Best Practices

AA.

ASP Best Practices: Error Handling

BB.

Summary


IX.

Secure Microsoft.NET Programming

A.

Common Terminology

B.

Microsoft .NET: Introduction

C.

.NET Framework

D.

Security Policy Levels

E.

Security Features in .NET

F.

Key Concepts in .NET Security

G.

Code Access Security (CAS)

H.

Evidence-Based Security

I.

Role-Based Security

J.

Declarative and Imperative Security

K.

Cryptography

L.

Generate Key for Encryption and Decryption

M.

Symmetric Encryption in .Net

N.

Asymmetric Encryption in .Net

O.

Symmetric Decryption in .Net

P.

Asymmetric Decryption in .Net

Q.

Protecting Client and Server Data Using
Encryption

R.

Cryptographic Signatures

S.

Write a Signature in .Net

T.

Verify a Signature in .Net

U.

Ensuring Data Integrity with Hash Codes

V.

Hash Code Generation

W.

Verification of Hash Code

X.

Permissions

Y.

Code Access Permissions

Z.

Identity Permissions

AA.

Role-Based Security Permissions

BB.

SkipVerification

CC.

Stack Walk

DD.

Writing Secure Class Libraries

EE.

Runtime Security Policy

FF.

Step-By-Step Configuration of Runtime Security Policies

GG.

Creating a Security Policy
Deployment Package

HH.

Type Safety

II.

Canonicalization

JJ.

Access Control List Editor

KK.

Securing User Credentials and Logon
Information

LL.

Obfuscation

MM.

Dotfuscator: .NET Obfuscator Tool

NN.

Administration Tool: Authorization Manager (AzMan) with ASP.Net

OO.

ASP.NET Security Architecture

PP.

Authentication and Authorization Strategies

QQ.

URL Authorization

RR.

File Authorization

SS.

Windows Authentication

TT.

Passport Authentication

UU.

Custom Authentication

VV.

Implementing Custom Authentication Scheme

WW.

Configuring Security with
Mscorcfg.msc

XX.

Process Identity for ASP.NET

YY.

Impersonation

ZZ.

Impersonation Sample Code

AAA.

Secure Communication

BBB.

Storing Secrets

CCC.

Options for Storing Secrets in
ASP.NET

DDD.

Web.config Vulnerabilities

EEE.

Securing Session and View State

FFF.

Web Form Considerations

GGG.

Securing Web Services

HHH.

Secure Remoting

III.

Topic 9BJ: Create a Remotable Object

JJJ.

Secure Data Access

KKK.

.NET Security Tools

LLL.

Code Access Security Policy Tool:
Caspol.exe

MMM.

Certificate Creation Tool:
Makecert.exe

NNN.

Certificate Manager Tool: Certmgr.exe

OOO.













PPP.

Certificate Verification Tool:
Chktrust.exe

QQQ.

Permissions View Tool:
Permview.exe

RRR.

PEVerify Tool: Peverify.exe

SSS.

Best Practices for .NET Security

TTT.

Summary


X.

Secure PHP Programming

A.

Introduction to PHP (Hypertext Preprocessor)

B.

PHP Security Blunders

C.

Security Sensitive PHP Functions: File
Functions

D.

Security Sensitive PHP Functions:
ezmlm_hash

E.

PHP Vulnerabilities

F.

Common PHP Attacks

G.

Secure PHP Practices

H.

Best Practices for PHP Security

I.

Acunetix Web Vulnerability Scanner

J.

Encryption Software: PHP Codelock

K.

Zend Guard

L.

POBS

M.

Summary


XI.

Secure PERL Programming

A.

Introduction: Practical Extraction and Report
Language (PERL)

B.

Common Terminology

C.

Security Issues in Perl Scripts

D.

Basic User Input Vulnerabilities

E.

Overcoming Basic User Input Vulnerabilities

F.

Insecure Environmental Variables

G.

Algorithmic Complexity Attacks

H.

Perl: Taint, Strict, and Warnings

I.

Taint Mode

J.

How Does Taint Mode Work?

K.

Taint Checking

L.

Using Tainted Data

M.

Securing the Program Using Taint

N.

Strict Pragma

O.

The Setuid Command

P.

The Perl crypt() Function

Q.

Logging Into a Secure Web Site with Perl
Script

R.

Secure Log-in Checklist

S.

Program for Secure Log-in

T.

Securing open() Function

U.

Unicodes

V.

Displaying Unicode As Text

W.

Summary


XII.

Secure XML, Web Services and AJAX Programming

A.

Web Application and Web Services

B.

Web Application Vulnerabilities

C.

XML - Introduction

D.

XSLT and XPath

E.

XML Signature

F.

An Enveloped, Enveloping and Detached
XML Signature Simultaneously

G.

XML Encryption

H.

Security Considerations for the XML
Encryption Syntax

I.

Canonicalization

J.

Validation Process in XML

K.

XML Web Services Security

L.

XML-aware Network Devices Expand Network Layer Security

M.

Security of URI in XML

N.

Security of Opaque Data in XML

O.

Growth of XML as Percentage of Network
Traffic

P.

XML Web Services Security Best Practices

Q.

XML Security Tools

R.

V-Sentry

S.

Vordel SOAPbox

T.

AJAX - Introduction

U.

Anatomy of an AJAX Interaction (Input
Validation Example)

V.

AJAX: Security Issues

W.

How to Prevent AJAX Attacks

X.

Tool: HTML Guardian ™

Y.

Tool: Sprajax - AJAX Security Scanner

Z.

Tool: DevInspect

AA.

Summary


XIII.

Secure RPC, ActiveX and DCOM
Programming

A.

RPC Introduction

B.

RPC Authentication












C.

RPC Authentication Protocol

D.

NULL Authentication

E.

UNIX Authentication

F.

Data Encryption Standard (DES)
Authentication

G.

Security Methods

H.

Security Support Provider Interface (SSPI)

I.

Security Support Providers (SSPs)

J.

Secure RPC Protocol

K.

RpcServerRegisterAuthInfo Prevents Unauthorized Users from Calling your Server

L.

RPC Programming Best Practices

M.

Make RPC Function Calls

N.

RPC and the Network

O.

Writing a Secure RPC Client or Server

P.

ActiveX Programming: Introduction

Q.

Preventing Repurposing

R.

SiteLock Template

S.

IObjectSafety Interface

T.

Code Signing

U.

Creating a Code Signing Certificate and Signing an ActiveX Component in Windows

V.

Protecting ActiveX Controls

W.

DCOM: Introduction

X.

Security in DCOM

Y.

Application-Level Security

Z.

Security by Configuration

AA.

Programmatic Security

BB.

Run As a Launching user

CC.

Run As an Interactive User

DD.

Run As a Specific User

EE.

Security Problem on the Internet

FF.

Security on the Internet

GG.

Topic 13AH: Heap Overflow
Vulnerability

HH.

Topic 13AI: Workarounds for Heap Overflow
Vulnerability

II.

Tool: DCOMbobulator

JJ.

DCOM Security Best Practices

KK.

Summary


XIV.

Secure Linux
Programming

A.

Introduction

B.

Open Source and Security

C.

Linux File Structure

D.

Basic Linux Commands

E.

Linux Networking Commands

F.

Linux Processes

G.

POSIX Capabilities

H.

UTF-8 Security Issues

I.

UTF-8 Legal Values

J.

Security Linux Programming Advantages

K.

Requirements for Security Measure Assurance

L.

Enabling Source Address Verification

M.

Linux iptables and ipchains

N.

Controlling Access by MAC Address

O.

Permitting SSH Access Only

P.

Network Access Control

Q.

Layers of Security for Incoming Network
Connections

R.

Prohibiting Root Logins on Terminal Devices

S.

Authentication Techniques

T.

Authorization Controls

U.

Running a Root Login Shell

V.

Protecting Outgoing Network Connections

W.

Logging in to a Remote Host

X.

Invoking Remote Programs

Y.

Copying Remote Files

Z.

Public-key Authentication between OpenSSH Client and Server

AA.

Authenticating in Cron Jobs

BB.

Protecting Files

CC.

File Permissions

DD.

Shared Directory

EE.

Encrypting Files

FF.

Listing Your Keyring

GG.

Signing and Encrypting Files

HH.

Encrypting Directories

II.

POP/IMAP Mail Server

JJ.

Testing an SSL Mail Connection

KK.

Securing POP/IMAP with SSL and Pine

LL.

SMTP Server

MM.

Testing and Monitoring

NN.

Testing Login Passwords (John the Ripper)

OO.

Testing Login Passwords (CrackLib)

PP.

Testing Search Path

QQ.

Searching Filesystems Effectively

RR.

Finding Setuid (or Setgid) Programs

SS.

Securing Device Special Files

TT.

Looking for Rootkits












UU.

Tracing Processes

VV.

Observing Network Traffic

WW.

Detecting Insecure Network
Protocols

XX.

Detecting Intrusions with Snort

YY.

Log Files (syslog)

ZZ.

Testing a Syslog Configuration

AAA.

Logwatch Filter

BBB.

Structure Program Internals and Approach

CCC.

Minimize Privileges Sample Code

DDD.

Filter Cross-Site Malicious Content on Input

EEE.

Filter HTML/URIs that may be Re-Presented

FFF.

Avoid Buffer Overflow

GGG.

Language-Specific Issues

HHH.

Linux Application Auditing Tool:
grsecurity

III.

Summary


XV.

Secure Linux Kernel Programming

A.

Introduction to Kernels

B.

Building a Linux Kernel

C.

Procedures to Follow Post-Build

D.

Compiling a Linux Kernel

E.

Summary


XVI.

Secure Xcode Programming

A.

Introduction to Xcode

B.

Mac OS X applications

C.

Cocoa

D.

Carbon

E.

AppleScript

F.

Script Editor

G.

Script Window

H.

Common Data Security Architecture (CDSA)

I.

Secure Transport API Set and
Cryptographic Service Provider (CSP)

J.

Creating SSL Certificate on Mac OS X
Server

K.

Using SSL with the Web Server

L.

Setting up SSL for LDAP

M.

Protecting Security Information

N.

Security in Mac OS X

O.

Security Management Using System
Preferences

P.

Authentication Methods

Q.

Encrypted disk images

R.

Networking Security Standards

S.

Personal firewall

T.

Checklist of Recommended steps required
to secure Mac OS X

U.

Summary


XVII.

Secure Oracle PL/SQL Programming

A.

Introduction: PL/SQL

B.

Security Issues in Oracle

C.

SQL Injection Attacks

D.

Defending Against SQL Injection Attacks

E.

SQL Manipulation

F.

Code Injection Attack

G.

Function Call Injection Attack

H.

Buffer Overflow and Other Vulnerabilities

I.

DBMS_SQL Vulnerabilities in PL/SQL

J.

Protecting DBMS_SQL in PL/SQL

K.

Types of Database Vulnerability/Attacks

L.

Password Management Policy

M.

Auditing Policy

N.

Oracle Policy Manager

O.

Oracle Label Security (OLS)

P.

Create an Oracle Label Security Policy

Q.

Step 1: Define the Policy

R.

Step 2: Define the Components of the Labels

S.

Step 3: Identify the Set of Valid Data Labels

T.

Step 4: Apply Policy to Tables and Schemas

U.

Step 5: Authorize Users

V.

Step 6: Create and Authorize Trusted
Program Units (Optional)

W.

Step 7: Configure Auditing (Optional)

X.

Oracle Identity Management

Y.

Security Tools

Z.

Secure Backups: Tool

AA.

Obfuscation

BB.

Obfuscation Sample Code

CC.

Encryption Using DBMS_CRYPTO

DD.

Advanced Security Option

EE.

Row Level Security

FF.

Oracle Database Vaults: Tool












GG.

Auditing

HH.

Auditing Methods

II.

Audit Options

JJ.

View Audit Trail

KK.

Fine-Grained Auditing (FGA)

LL.

Oracle Auditing Tools (OAT)

MM.

Testing PL/SQL Programs

NN.

SQL Unit Testing Tools: SPUnit

OO.

SQL Unit Testing Tools: TSQLUnit

PP.

SQL Unit Testing Tools: utPLSQL

QQ.

Steps to Use utPLSQL

RR.

Summary


XVIII.

Secure SQL Server Programming

A.

Introduction

B.

SQL Server Security Model: Login

C.

Creating an SQL Server Login

D.

Database User

E.

Guest User

F.

Permissions

G.

Database Engine Permissions Hierarchy

H.

Roles

I.

User-Defined Roles

J.

Application roles

K.

Security Features of MS-SQL Server 2005

L.

SQL Server Security Vulnerabilities

M.

SQL Injection Attacks

N.

Preventing SQL Injection Attacks

O.

Sqlninja: SQL Server Injection Tool

P.

Data Encryption

Q.

Built-in Encryption Capabilities

R.

Encryption Keys

S.

Encryption Hierarchy

T.

Transact-SQL

U.

Create Symmetric Key in T-SQL

V.

Create Asymmetric Key in T-SQL

W.

Certificates

X.

Create Certificate in T-SQL

Y.

SQL Server Security: Administrator
Checklist

Z.

SQL Server Installation

AA.

Best Practices for Database Object
Authorization

BB.

Auditing and Intrusion Detection

CC.

Enabling Auditing

DD.

Database Security Auditing Tools

XIX.

Secure Network Programming

A.

Basic Network Concepts

B.

Basic Web Concepts

C.

Network Programming

D.

Benefits of Secure Network Programming

E.

Network Interface

F.

Securing Sockets

G.

Ports

H.

UDP Datagram and Sockets

I.

Internet Address

J.

Connecting to secure websites

K.

URL Decoder

L.

Reading Directly from a URL

M.

Content Handler

N.

Cookie Policy

O.

RMI Connector

P.

.NET: Internet Authentication

Q.

Network Scanning Tool: ScanFi

R.

Network Programming Best Practices

S.

Summary


XX.

Windows Socket Programming

A.

Introduction to Windows Sockets

B.

Windows NT and Windows 2000 Sockets Architecture

C.

Socket Programming

D.

Client Side Socket Programming

E.

Initializing a Socket and Connecting

F.

Server-Side Socket Programming

G.

Creating a Server

H.

Winsock 2.0

I.

Winsock Linking Methods

J.

Starting a Winsock 2 API

K.

Accepting Connections: AcceptEx

L.

WinSock: TransmitFile and TransmitPackets

M.

Grabbing a Web Page Using Winsock

N.

Generic File - Grabbing Application

O.

Writing Client Applications

P.

TCP Client Application Sample Code

Q.

Writing Server Applications

R.

TCP Server Application Sample Code

S.

Winsock Secure Socket Extensions

T.

WSADeleteSocketPeerTargetName
Function

U.

WSAImpersonateSocketPeer Function

V.

WSAQuerySocketSecurity












W.

WSARevertImpersonation Function

X.

WSASetSocketPeerTargetName Function

Y.

WSASetSocketSecurity Function

Z.

SOCKET_SECURITY_SETTINGS

AA.

Using WinSock to Execute a Web Attack

BB.

Using Winsock to Execute a Remote Buffer
Overflow

CC.

MDACDos Application

DD.

Summary


XXI.

Writing Shellcodes

A.

Shellcode Introduction

B.

Shellcode Development Tools

C.

Remote Shellcode

D.

Port Binding Shellcode

E.

FreeBSD Port Binding Shellcode

F.

Clean Port Binding Shellcode

G.

Socket Descriptor Reuse Shellcode

H.

Local Shellcode

I.

The execve Shellcode

J.

Executing /bin/sh

K.

Byte Code

L.

The setuid Shellcode

M.

The chroot Shellcode

N.

Breaking of chroot jails
(Traditional Method)

O.

Breaking Out of Chroot Jails on Linux
Kernels

P.

Windows Shellcode

Q.

Shellcode Examples

R.

Steps to Execute Shell Code Assembly

S.

The Write System Call

T.

Linux Shellcode for “Hello, world!”

U.

The Write System Call in FreeBSD

V.

The execve Shellcode in
C

W.

FreeBSD execve jmp/call Style

X.

FreeBSD execve Push Style

Y.

FreeBSD execve Push Style, Several
Arguments

Z.

Implementation of execve on Linux

AA.

Linux Push execve Shellcode

BB.

System Calls

CC.

The Socket System Call

DD.

The Bind System Call

EE.

The Listen System Call

FF.

The Accept
System Call

GG.

The dup2 System Calls

HH.

The execve System Call

II.

Linux Port Binding Shellcode

JJ.

Compile, Print, and Test Shellcode

KK.

Reverse Connection Shellcode

LL.

Socket Reusing Shellcode

MM.

Linux Implementation of Socket
Reusing Shellcode

NN.

Reusing File Descriptors

OO.

Using the setuid Root

PP.

Using the ltrace utility

QQ.

Using GDB

RR.

Assembly Implementation

SS.

SysCall Trace

TT.

RW Shellcode

UU.

Encoding Shellcode

VV.

Decoder Implementation and Analysis

WW.

Decoder Implementation Program

XX.

Results of Implementation Program

YY.

OS-Spanning Shellcode

ZZ.

Assembly Creation

AAA.

Summary


XXII.

Writing Exploits

A.

Introduction to Writing Exploits

B.

Targeting Vulnerabilities

C.

Remote and Local Exploits

D.

Remote and Local Exploits

E.

A Two-Stage Exploit

F.

Format String Attacks

G.

Using %n Character

H.

Fixing Format String Bugs

I.

User-Supplied Format String Vulnerability CVE-2000-0763

J.

TCP/IP Vulnerabilities

K.

Race Conditions

L.

File Race Conditions

M.

Signal Race Conditions

N.

Input Validation Error in a man Program

O.

Case Study: 'man' Input Validation Error (Snippet 1)

P.

Case Study: 'man' Input Validation Error (Snippet 2)

Q.

Writing Exploits and Vulnerability Checking
Programs

R.

Stack Overflow Exploits

S.

Memory Organization












T.

Stack Overflows

U.

Finding Exploitable Stack Overflows in Open-Source Software

V.

Finding Exploitable Stack Overflows in Closed-Source Software

W.

Heap Corruption Exploits

X.

Doug Lea Malloc

Y.

Figure: Dlmalloc Chunk

Z.

Figures: Fake Chunk, Overwritten Chunk

AA.

OpenSSL SSLv2 Malformed Client Key Remote Buffer Overflow Vulnerability CAN-2002-0656

BB.

Exploitation

CC.

Exploitation Sample Code

DD.

The Complication

EE.

Improving the Exploit

FF.

Integer Bug Exploits

GG.

Integer Wrapping

HH.

Program: Addition-Based Integer Wrapping

II.

Multiplication-Based Integer Wrapping

JJ.

Bypassing Size Checks

KK.

Using the Metasploit Framework

LL.

Determining Attack Vector

MM.

Finding the Offset: Overwriting the Return Address

NN.

The First Attack String

OO.

Overwriting EIP with a Known Pattern

PP.

Selecting a Control Vector

QQ.

Finding a Return Address

RR.

Selecting the Search Method in the Metasploit Opcode Database

SS.

Search Method in Metasploit Opcode Database

TT.

Using the Return Address

UU.

Increasing Reliability with a Nop Sled

VV.

Choosing a Payload and Encoder

WW.

List of Available Encoders

XX.

Choosing a Payload and Encoder: msfencode Results

YY.

The msfweb Payload Generation

ZZ.

Setting msfweb Payload Options

AAA.

msfweb Generated and Encoded Payload

BBB.

Integrating Exploits into Framework

CCC.

Summary


XXIII.

Programming Port Scanners and Hacking Tools

A.

Port Scanner

B.

libpcap

C.

Packet Capturing Example

D.

Saving Captured Packets to a File

E.

The wiretap Library

F.

Adding a new file format to the wiretap library

G.

The wtap Struct

H.

Creating a New Dissector

I.

Programming the Dissector

J.

Adding a tap Module

K.

Nessus Attack Scripting Language (NASL)

L.

Writing Personal-Use Tools in NASL

M.

Programming in the Nessus Framework

N.

Porting to and from NASL

O.

Metasploit Framework (MSF)

P.

msfweb Interface

Q.

Selecting the Exploit Module

R.

The msfconsole Interface

S.

The msfcli Interface

T.

Updating the MSF

U.

Writing Basic Rules

V.

The Rule Header

W.

Rule Options

X.

Writing Advanced Rules: Perl-Compatible Regular Expressions (PCRE)

Y.

The Byte_test and Byte_jump Function

Z.

Optimizing Rules

AA.

Testing Rules

BB.

Writing Detection Plugins

CC.

Netcat Source Code

DD.

Summary


XXIV.

Secure Mobile phone and PDA Programming

A.

Mobile Phone Programming

B.

Different OS Structure in Mobile Phone

C.

Symbian Operating System

D.

Guidelines for Securing Symbian OS












E.

PalmOS

F.

PalmOS Vulnerabilities

G.

HotSync Vulnerability

H.

Creator ID Switching

I.

Windows Mobile

J.

Calling Secure Web Services

K.

Security Practices for Windows Mobile Programming

L.

Comparison of Common Programming Tasks

M.

PDA Programming

N.

PDA Security Issues

O.

Security Policies for PDAs

P.

PDA Security Products

Q.

PDA Security Vendors

R.

Java 2 Micro Edition (J2ME)

S.

J2ME Architecture

T.

J2ME Security Issues

U.

CLDC Security

V.

Mobile Information Device Profile (MIDP)

W.

MIDP Security

X.

Programming the BlackBerry With J2ME

Y.

Security and Trust Services API (SATSA) for J2ME: The Security APIs

Z.

Certificate Enrollment in SATSA

AA.

Generating a Private Key and Certificate Signing Request in SATSA

BB.

Verifying the CSR

CC.

Storing a Certificate into the Certificate Local Store

DD.

Data Integrity with Message Digests

EE.

Generating a Message Digest

FF.

Verifying a Message Digest

GG.

Authentication With Digital Signatures

HH.

Signing a byte Array for Authentication Purposes

II.

Verifying a Digital Signature using SATSA

JJ.

Data Confidentiality - Using Ciphers for Data Encryption

KK.

Using Cipher to Encrypt Data using a Symmetric Encryption

LL.

Using Cipher to Decrypt Data using a Symmetric Encryption

MM.

Security Issues in Bluetooth

NN.

Security Attacks in Bluetooth Devices

OO.

Bluetooth security

PP.

Bluetooth Security: Key Management

QQ.

Tool: Bluekey

RR.

Tool: BlueWatch

SS.

Tool: BlueSweep

TT.

Tool: Bluediving

UU.

Tool: Smartphone Security Client

VV.

Tool: BlueFire Mobile Security Enterprise Edition

WW.

Mobile Phone Security Tips

XX.

Defending Cell Phones and PDAs Against Attack

YY.

Antivirus Tools for Mobile Devices

ZZ.

Secure Antivirus for Palm OS

AAA.

Summary


XXV.

Secure Game Designing

A.

Game Designing Introduction

B.

Threats to Online Gaming

C.

Game Authoring Tools

D.

Game Engine

E.

Best Practices for Secure Game Designing

F.

Summary


XXVI.

Securing E-Commerce Applications

A.

Purpose of Secure E-Commerce Application

B.

E-Business Concepts: Secure Electronic Transaction (SET)

C.

Using SET

D.

Secure Socket Layer (SSL)

E.

SSL Certificates

F.

VeriSign SSL Certificates

G.

Entrust SSL Certificates

H.

Digital Certificates

I.

Digital Signature

J.

Digital Signature Algorithms: ECDSA, ElGamal Signature Scheme

K.

HACKER SAFE® Certification

L.

HACKER SAFE Technology

M.

Guidelines for Developing Secure E-Commerce Applications

N.

Summary














XXVII.

Software Activation, Piracy Blocking and Automatic Updates

A.

Software Activation: Introduction

B.

Software Activation Process

C.

Software Activation: Advantages

D.

Activation Explained

E.

Online License Management Server

F.

Activation Policies

G.

Policy Control Parameters

H.

Piracy

I.

The Effects of piracy

J.

Piracy Blocking

K.

Digital Rights Management (DRM)

L.

Software Piracy Protection Strategies

M.

Copy protection for DVDs

N.

Application Framework DVD Copy Protection System

O.

Content Protection During Digital
Transmission

P.

Watermark System Design Issues

Q.

Cost Effectiveness

R.

False Positives Rate

S.

Interaction with MPEG compression

T.

Detector Placement

U.

Copy Generation Management

V.

Tool: Crypkey

W.

EnTrial Key Generation

X.

EnTrial Distribution File

Y.

EnTrial Product & Package Initialization Dialog

Z.

Windows Automatic Updates

AA.

Summary


XXVIII.

Secure Application Testing

A.

Software Development Life Cycle (SDLC)

B.

Introduction to Testing

C.

Types of Testing

D.

White Box Testing

E.

Types of White Box Testing

F.

Dynamic White-Box Testing

G.

Integration Test

H.

Regression Testing

I.

System Testing

J.

Black Box Testing

K.

Load Testing

L.

Strategies for Load Testing

M.

Functional Testing

N.

Testing Steps

O.

Creating Test Strategy

P.

Creating Test Plan

Q.

Creating Test Cases and Test Data

R.

Executing, Bug Fixing and Retesting

S.

Classic Testing Mistakes

T.

User Interface Errors

U.

Good User Interfaces

V.

Use Automatic Testing and Tools

W.

Generic Code Review Che

X.

Software Testing Best Practices

Y.

Testing Tool

Z.

Real Time Testing

AA.

Summary


XXIX.

Writing Secure Documentation and Error Messages

A.

Error Message

B.

Common Error Messages

C.

Error Messages: Categories

D.

Good Error Message

E.

Error Message in a Well-designed Application

F.

Good Error Message Example

G.

Miscommunications in Error Messages

H.

Error Message Usability Checklist

I.

Guidelines For Creating Effective Error Messages

J.

Best Practices for Designing Error Messages

K.

Error Messages: Examples

L.

Security Issues in an Error Message

M.

Security Precautions in Documentation

N.

Summary