ETHICAL HACKING COURSE
HANDS-ON HACKING BANKING EDITION
COMPLIANT TO BCSP (BANKING CYBER SECURITY PROFESSIONAL) CERTIFICATION REQUIREMENTS

This 4-day, in-depth, practical hands-on workshop will be conducted in a computer laboratory for experienced IT practitioners and IT security executives. For private courses, and upon customer request, the course can be scheduled in a different way. Class size is limited to 15 delegates. Computers will be provided.

Training benefits:
This is an in-depth technical hands-on class that aims at imparting knowledge, techniques and processes for:
• Testing the security of existing (live or UAT stage) bank infrastructures
• Developing web applications securely
• Providing a neutral and non-vendor-centric perspective to evaluate the proper web applications for purchase
• Developing a deep knowledge of the latest threats coming from hackers, carders, phishers and, in general, the whole cyber-criminal underground
• Examine threats and vulnerabilities.
• Examine trivial and advanced techniques to uncover vulnerabilities at different levels
• Each concept has a corresponding hands-on session with the assistance of the trainer
• Detail the proper way to fix or avoid each vulnerability
• Provide general management guidelines as well as deep technical explanations for technologies related to the banking sector

Training Overview
This course is targeted at IT professionals who wish to delve deeply into the latest security threats and most advanced techniques used by malicious hackers and cyber criminals today to compromise bank infrastructures and business, with a special focus on server side attacks, client side attacks, networking, middleware, databases, banking applications. The course offers a set of live simulations and live labs featuring a variety of missions on proprietary targets.

Who Should Attend?
CIOs, CTOs, Architects/Directors/Managers of IT/IS/MIS/DP, IS/IT Planners, IT Strategists, Software Project Leaders, Integration Team Leaders and Database Administrators, IT professionals whose responsibilities include management, high-level design or enterprise business application implementation, e-Commerce and Application Development Senior Managers, Systems Architects

COURSE CONTENT DAY ONE:
• Introduction
• Bank fingerprinting: advanced network mapping
• Firewalling, IDS/IPS and access control
• Vulnerabilities in Operating System, Web servers and other typical banking services
• Vulnerabilities in a banking web application environment
  - URL poisoning
  - Basic and advanced SQL injection
  - Cross site request forgery
  - Cross site scripting
• Vulnerabilities at network level

COURSE CONTENT DAY THREE:
• Wireless communication protocols: characteristics and related banking problems:
  - WiFi
  - GSM/GPRS/UMTS
  - RFID
  - Bluetooth
• Handheld devices: pros and cons in a banking environment
• VoIP pros and cons
• Certified mailing systems
• Data security, cipher disks
• Authentication systems:
  - tokens
  - biometric
  - smart cards

COURSE CONTENT DAY TWO:
• Latest developments in:
  - viruses
  - rootkits
  - trojans
• Man in the middle attacks
  - network based
  - at DNS level
• Forensic analysis
  - tools
  - procedures
• Incident response guidelines
• Security policies
• Denial of service attacks
  - different forms
  - mitigative countermeasures

COURSE CONTENT DAY FOUR:
• Different forms of bank cyber-crimes with real case studies
  - carding, phishing, different forms of scams
  - ID theft (client and bank side)
  - Client side attacks
• Typical structures of criminal organizations involved in bank crimes
• The underground world of bank carders/phishers/scammers. Meeting the criminals at their own place and understanding the cyber-criminal role-playing and economy models.
• The role of social engineering in bank cyber-crimes
• Physical security
• Industrial espionage
• Auto competitive intelligence
• Understanding the dynamics between ISPs, CERTs and cyber police forces
THE COURSE INCLUDES A REALISTIC VIRTUAL BANKING ENVIRONMENT ON WHICH THE STUDENTS WILL PRACTICE THE HACKING TECHNIQUES AND TOPICS COVERED BY THE SEMINAR AND IS COMPLIANT TO SECURITYLAB BANKING CYBER SECURITY PROFESSIONAL CERTIFICATION REQUIREMENTS (BCSP)