ONLINE TRAINING

NT OBJECTives, Inc.
Web Application Security Educational Series
Understanding SQL Injection
Safely Testing your Production Site

SQL Injection is among the most dangerous of web application attacks. Hackers can do anything from accessing confidential data (including credit card numbers and social security numbers) to deleting data from databases. Because of the multiple permutations of SQL Injection attacks, comprehensive testing is extremely difficult. Creating tests that safely test production servers without impacting databases adds another level of difficulty.

This voiceover training session will walk you through the key aspects of SQL Injection attacks as well as methods to safely test your web applications .

Length: 16 minutes

Watch the training session


Inventorying Your Site
You Can't Defend What You Can't Inventory

Unlike network security, where vulnerabilities are in known locations in millions of identical setups, web applications are like snowflakes: no two are the same. The first, and possibly the greatest difficulty in securing web applications is understanding the architecture of the application and the resources (e.g. database queries, logins, etc.) that are vulnerable to attack. Once this is known, security administrators can begin to assess their sites� vulnerabilities to varying types of attacks.

This voiceover training session, will walk you through the most important aspects of inventorying your website.

Length: 9 minutes

Watch the training session


Demo of NTOSpider
(This is a couple years old and needs updating)

This is a recording of a demo of NTOSpider and its features.

Length: 58 minutes

Watch the training session


Coming soon
What to Fix First
Focusing Remediation Priorities

A great deal of time and energy has been focused on finding web application vulnerabilities, with good reason. Because web applications are all unique, and there are many variations on the attacks, efficient vulnerability scanning is critical to securing web applications. But it is only the first step.

A single coding flaw can be replicated on hundreds of links across hundreds of applications and can have thousands or tens of thousands of instantiations across an enterprise. Some of these applications access databases that contain critical data or are mission critical from a business standpoint. Prioritizing, categorizing and assigning the remediation of these vulnerabilities can be as difficult a task as finding them in the first place.

This voiceover training session, created by NT OBJECTives, Inc.