Date: TBA
Duration: 8 Days
Course Overview
Web applications are highly common in our world, and extremely popular by hackers as an entry point to organisations. Many times, those applications (and the data behind them) are actually the main target. Unfortunately, many of these systems contain security loopholes and are highly vulnerable.
Participants will practice finding exploits and harmful web applications as these are one of the first steps any attackers will carry out. In addition, as one of the most common and popular services inside networks, successfully defending all of them is highly demanding.
Learning how to penetrate web apps and how attackers use them as part of their operations will give analysts a significant advantage in defending organisations and investigating potential attacks.
This module is part of Higher Certificate of Cyber Security (Intermediate).
Learning Outcomes
With practical experience in web attacks and a good understanding of webshell and authentication bypass, a cybersecurity analyst will be able to investigate suspicious activities in the organisation’s web services (or by using external web services), evaluate the level of security of the organisation’s web apps, look for security breaches (red team) and suggest possible solutions.
The course enables learners to:
- Learn basic web programming
- Gain practical experience with web attacks such as SQL injection, website code injection, XSS, CSRF
- Obtain a good understanding of webshell and authentication bypass
Topics
- Web development refreshment – HTML, PHP, SQL, JS
- SQL injection
- Website code injection
- SSI injection
- Shell injection
- SSRF
- Directory traversal
- Web shell
- Authentication bypass
- Cross-site Scripting/Request Forgery (XSS/CSRF)
Who Should Attend
- Cyber Security Analyst
- Junior Web Developer
Prerequisites
- Python programming experience
- Linux experience
- Familiarity with HTML, PHP, SQL, Javascript
Course Highlight
This course provides significant hands-on experience with real life case studies. Techniques and tools taught are immediately useful in your day-to-day work.
Training Roadmap
Course Conveners
(Click their photos to view their short biographies)
Mr Dvir Chikvashvili
Mr Dvir Chikvashvili
Mr Dvir Chikvashvili is a cyber security professional specializing in cloud security and currently is the Program Manager at DART.
He started programing at 13 and attained the CCNA certification at 14. He also wrote his first malware at the age of 15.
He has varied experiences both from the IDF and Israel’s wider tech industry.
During his career, he has consistently found a way to integrate his tech skills with his passion for teaching. He has lectured and trained other cyber security professionals in the IDF, Israeli colleges and more recently in Singapore.
He is interested in artificial intelligence, philosophy, woodworking, and biking.
Mr Gur Sharon
Mr Gur Sharon
Mr Gur Sharon is a cyber defense expert with practical experience in SOC, IR, forensics, threat assessment and is a Senior Trainer at DART.
He has a deep passion for network security, with extensive knowledge in network protocols, network security products and network traffic analysis.
After several years in the IDF’s cyber units leading Incident Response and Threat Hunting operations, Gur retired and dedicated himself to cyber security training, coaching hundreds of cyber experts all over the world.
In his free time, Gur solves puzzles, plays different instruments and enjoys exploring Singapore on his bicycle.
Mr Rony Munitz
Mr Rony Munitz
After a decade of different operational roles in red teams, incident response, and threat hunting operations, both as an expert and a team leader, Rony dedicated his time training the next generation of cyber experts. He is currently a Program Manager at DART.
As a researcher, he found several vulnerabilities and developed attack techniques on Windows, Mac and IoT devices. During his career he was a researcher and team leader in IDF Intelligence Corps top cybersecurity unit, Accenture, Novartis and XM Cyber.
Rony is a Japanese food enthusiast and a K-drama fan.
Mr Ron Suhodrev
Mr Ron Suhodrev
Mr Ron Suhodrev is a cybersecurity professional with over 10 years of experience. His first exposure to programming was at 12 years old at Ben Gurion University. At 16, Ron started working as a freelance developer and at 18 joined a prestigious cybersecurity unit in the Intelligence Crops in the IDF.
After his time in the unit, Ron worked as a researcher in leading cybersecurity companies as Trusteer (IBM) and Perception Point while on his spare time tutored computer science university students.
Before moving to Singapore, Ron was the founder of two different startups – one in medical education and another in cybersecurity training and recruitment.
In Singapore, Ron successfully led a two-year-long cybersecurity program and is now acting as Chief Scientist in DART.
Ron’s interests include cutting-edge technology, education, longevity research, philosophy, and diving.
Mr Zhuang Weiliang
Mr Zhuang Weiliang
Mr Zhuang Weiliang has more than 10 years of experience in Intelligence, Weiliang started out in Singapore Armed Forces (SAF) as an Intelligence Officer specializing in analyzing information and production of Intelligence products related to the region.
He transited to the Defence Cyber Organisation (DCO) in MINDEF later in his career, dealing with intelligence collection and analysis of cyber threats pertaining to Singapore. He has also set up the collection and analysis systems while he was there.
He later joined Ensign as a Lead Consultant where he started the Cyber Threat Intelligence (CTI) team providing intelligence products to clients and kept abreast of potential cyber threats. He was also involved in Incident Response and Malware Analysis during his time in Ensign.
As a Lead Trainer at DART, Weiliang’s focus is to train new cyber experts and researchers.
Outside of work Weiliang spends most of his time in Crossfit, Ultimate Frisbee, and keeping up to date with the latest technologies.
Insight from Instructor
“Given the increasing prevalence of technology in our lives, web applications-based attacks are becoming more common. As a red teamer, it is quintessential to have web penetration testing experience.
A skilled web penster can help the organization to take responsibility to its own web applications and services by evaluating the defense level of those apps. Finding potential vulnerabilities will allow the developers and IT department to fix those security holes and raise the security level.”
Rony Munitz
Course Fees
Total Nett Programme Fee Payable, Including GST, after additional funding from the various funding schemes
Participants must fulfill at least 75% attendance and pass all assessment components to be eligible for SSG funding.
To enquire, please email soc-ace@nus.edu.sg
To register, click Register
Select Short Course / Modular Course -> Apply for Myself -> Browse Academic Modules / Short Courses-> Module/Course Category -> Short Courses -> Browse Courses-> Advanced Computing for Exe (Faculty/Department / Unit)
Please download the user guide for NUS Online Application Portal after you click ‘Apply for Myself’ if you need assistance.
Course Fee Breakdown
Singapore Citizens
39 years old or youngerSingapore Citizen
40 years old or older