EC-Council Authorized Training Partner, Examination Center, Reseller

EC-Council Certification in: CEH  ECSA/LPT  CHFI
Training in:
Web Application Penetration Testing,
Network Security Testing,
Android Application Security Testing,
iOS Application Security Testing.

About

ZYBEAK TECHNOLOGIES is an organization that understands the stringent requirements of business and is committed to meeting those exacting standards. ZYBEAK Technologies is a dynamic training institute started with a vision to impart high-end technology courses to the IT community for their career development. We also empower school and college students in various skill sets according to their stream and interest, and guide them toward a better career. We train them in a real-time environment, thereby making them technically fit for current industry requirements. Zybeak Technologies wants to be a high-end technology partner through continuous process improvement.







CHENNAI:

#1961 B Asiad Colony, Vijaya Complex, 4th Floor, Anna Nagar West Extn., Chennai - 600 101 : Ph: 6565 8585, Mb: 9884033369





NEW YORK:

#20, Jay Street, 10014 New York, 11201 Brooklyn, 443-255-8908.


hr@zybeak.com
Course Completed
Certification Done
Placed
Awards Won (Best ATC)

EC-Council

Download the iLearn Form, fill, sign, scan and send it to ram@zybeak.com along with payment details.

    • Bank Details: ZYBEAK TECHNOLOGIES, HDFC BANK, Anna Nagar Branch, Current Account No. 50200012121077, IFSC: HDFC0000017
    • Infosec Training

      • WEB APPLICATION PENETRATION TESTING:
        ADVANCED WEB APPLICATION SECURITY WITH KALI LINUX FOR HIGHLY SECURED ENVIRONMENTS

        In-depth, Real-time and Project oriented Web Application Security Training Program for those who want a Career in INFORMATION SECURITY.

        WEB APPLICATION SECURITY
        1. Introduction to web application architecture: You will learn about the basic functionality of web applications, how they work, the protocols involved and key web technologies.
        2. Web application pentest process: You will learn about the pentesting process, standards, reporting methodology and best practices to adopt while performing testing.
        3. Information gathering: You will learn how to gather information about the application's entry points and their functionality to map the attack surface.
        4. Authentication: You will learn how to gather information about the application's entry points and their functionality to map the attack surface.
        5. Authorization: You will learn about authorization mechanisms, access control, and the attack vectors used to escalate to a higher privilege level.
        6. Session management: In this module, you will learn how session management tracks users and about the attack vectors used to hijack or steal cookies.
        7. Injection: You will learn about injection attacks such as SQL injection, LDAP, XPath and command injection.
        8. Cross-site scripting: You will learn about the types of XSS, their impact and their countermeasures.
        9. Client-side attacks: You will learn about client-side attack vectors such as CSRF and clickjacking, and their countermeasures.
        10. Web services testing: You will learn about web services architecture and mechanisms, and how the services can be attacked.
        11. Tools and utilities: You will learn about tools that automate attacks and utilities that simplify things.

        KALI LINUX
        1. Injection:
        2. Broken authentication and session management:
        3. Cross-site scripting (XSS):
        4. Insecure direct object references overview:
        5. Security misconfiguration:
        6. Sensitive data exposure:
        7. Missing function level access control:
        8. Cross-site request forgery:
        9. Using components with known vulnerabilities:
        10. Unvalidated redirects and forwards overview:
        11. Buffer overflows:
        12. Injection flaws:
        13. Insecure storage:
        14. Unvalidated input:
        15. Command execution:

      • NETWORK SECURITY TESTING
        ADVANCED NETWORK SECURITY

        This course is designed to provide fundamental skills needed to analyze the internal and external security threats against a network, and to develop security policies that will protect an organization’s information. Students will learn how to evaluate network and Internet security issues and design, and how to implement successful security policies and firewall strategies. In addition, they will learn how to expose system and network vulnerabilities and defend against them.

        OBJECTIVES : YOU WILL LEARN
        - Troubleshooting Network
        - Hardening Router
        - Hardening Operating System
        - Patch Management
        - Application Security
        - Log Analysis
        - Web Security
        - Email Security
        - Virtual Private Network
        - Authentication: Encryption
        - Cryptography and Digital Signature
        - Wireless Network Security
        - Creating Fault Tolerance
        - Incident Response
        - Disaster Recovery and Planning
        - Network Vulnerability Assessment
        - Fundamentals of the Network
        - Network Protocols
        - Protocol Analysis
        - Hardening Physical Security
        - Network Security
        - Security Standards Organization
        - Security Policy
        - IEEE Standards
        - Network Security Threats
        - Intrusion Detection System (IDS)
        - Intrusion Prevention System (IPS)
        - Security Standards
        - Firewalls
        - Packet Filtering and Proxy Server
        - Bastion Host and Honeypots
        - Securing Modems

        REQUIREMENTS
        - Basics of Networking
        - Knowledge of any Operating System

      • ANDROID APPLICATION SECURITY TESTING
        ADVANCED ANDROID PENETRATION TESTING

        The ubiquity of the Android mobile platform and growing threats to mobile applications call for increased vigilance on the part of organizations developing Android software applications. This course will focus on the techniques and tools for testing the security of Android mobile applications. During this course the students will learn about important topics such as the Android security model, the Android runtime, how to perform static analysis, traffic manipulation, memory dumps, debugging, code modification and dynamic analysis – from zero knowledge of the APK to full exploitation. Students of this course will learn how to operate and make the best of the AppUse custom VM for Android application penetration testing, from its own creators. By taking this course you will be able to perform penetration testing on Android mobile applications and expose potential vulnerabilities in the tested application such as insecure storage, traffic manipulation, malicious intents, authentication and authorization problems, client-side SQLi, bad cryptography, and more.

        THIS COURSE
        Introduces the Android application framework and major software components involved in Android programming. Introduces Android security controls as well as discusses potential security gaps. Provides guidance on analyzing, reverse engineering, and decompiling Android applications. Reviews an Android mobile security case study. Includes hands-on lab exercises on penetration testing and reverse engineering an Android application.

        OBJECTIVES OF THE COURSE
        Understand the Android application threat landscape. Perform penetration testing on Android mobile apps. Identify vulnerabilities and exploit them – from zero knowledge of the APK to full exploitation. Operate AppSec Labs’ unique AppUse customized VM for Android pen-testing.

        REQUIREMENTS
        Before attending this course, students should be familiar with:
        - Common security concepts
        - Basic knowledge of the Linux OS
        - Development background and basic knowledge of the Android development platform.

      • IOS APPLICATION SECURITY TESTING
        ADVANCED IOS PENETRATION TESTING

        The ubiquity of the Apple iOS mobile platform and growing threats to mobile applications call for increased vigilance on the part of organizations developing iOS software applications. This hands-on 1-day course introduces students to the iOS application architecture and how to perform security analysis of iOS applications and devices. The course also includes hands-on exercises where students are provided the opportunity to model attacks and perform penetration testing and reverse engineering of an iPhone/iPad application.

        THIS COURSE
        Introduces the iOS application framework and major software components involved in iOS programming. Introduces iOS security controls as well as discusses potential security gaps. Provides guidance on analyzing, reverse engineering, and decompiling iOS applications. Includes hands-on lab exercises on penetration testing and reverse engineering an iOS application.

        OBJECTIVES OF THE COURSE
        Understand the iOS ecosystem and application architecture. Understand components of the iOS data storage and security models. Identify specific threats and risks associated with the iOS mobile platform. Perform a hands-on penetration test and reverse engineer an iOS application.

        REQUIREMENTS
        Before attending this course, students should be familiar with:
        - Common security concepts
        - Basic knowledge of the Linux OS
        - Development background and basic knowledge of the iOS development platform.

VMEdu

  • Project Management Professional

    PMstudy is a brand of VMEdu Inc which is Project Management Institute(PMI)® Approved Global Registered Education Provider, specializing in providing quality education to prepare students for Project Management Professional (PMP)® and Certified Associate in Project Management (CAPM)® Certification Exams, conducting both Online and Classroom training programs. PMstudy also offers 100% online continuing education courses for PMP certified professionals. PMstudy has registered a success rate of 98.7%, and has a track record of assisting 100,000+ students.
    PMstudy had recognized the need for a robust technology platform that would enable its complex back-office operations, and enable collaboration, transaction processing, and required MIS to those involved in operations. PMstudy operates with a complex set of business rules.

  • Scrum and Agile Methodology

    SCRUMstudy.com (global accreditation body for Scrum and Agile certifications). SCRUMstudy® has the best quality and most comprehensive learning resources and certifications for Scrum and Agile including 800+ high quality videos, the Scrum Body of Knowledge (SBOK Guide) which can be downloaded for free, illustrative case studies, 1,500+ questions, study guides, classroom training material, online courses, the VMEdu Mobile App and more.

  • Digital Marketing

    SMstudy® Certified Digital Marketing Experts are experienced in facilitating well-planned digital marketing strategies to meet the targets set by the Corporate Marketing Strategy. Given the nature of the constantly evolving online world - with new channels developing with greater frequency, and audiences exploring new sources of online content- Digital Marketing is one of the most crucial aspects of sales and marketing. SMstudy® Certified Digital Marketing Experts are able to define all marketing activities that use electronic devices connected to the internet to engage with customers. Experts will also be able to plan, develop and optimize available digital marketing channels to achieve the objectives defined for a product.
    Successful candidates will be awarded the SMstudy® Marketing Strategy Expert certification by SMstudy after passing the exam.

For Training Contact: Mr Vishwanath, Email: viswa@zybeak.com, Mobile: +91 7219608858

Services

Web Application Testing

What is Web Application Testing?
Web application testing is a software testing technique used exclusively to test applications hosted on the web, in which the application's interfaces and other functionality are tested.
Web Application Testing - Techniques:

  • 1. Functionality testing - Some of the checks performed (the list is not exhaustive):
      • Verify there are no dead pages or invalid redirects.
      • Check all the validations on each field.
      • Supply wrong inputs to perform negative testing.
      • Verify the workflow of the system.
      • Verify the data integrity.
  • 2. Usability testing - Performed to verify how easy the application is to use.
      • Test the navigation and controls.
      • Content checking.
      • Check for user intuition.
  • 3. Interface testing - Performed to verify the interface and the data flow from one system to another.
  • 4. Compatibility testing - Performed based on the context of the application.
      • Browser compatibility
      • Operating system compatibility
      • Compatibility with various devices such as notebooks, mobiles, etc.
  • 5. Performance testing - Performed to verify the server response time and throughput under various load conditions.
      • Load testing - The simplest form of testing, conducted to understand the behaviour of the system under a specific load. Load testing measures important business-critical transactions; the load on the database, application server, etc. is also monitored.
      • Stress testing - Performed to find the upper limit capacity of the system and to determine how the system performs if the current load goes well above the expected maximum.
      • Soak testing - Also known as endurance testing, it is performed to determine the system parameters under continuous expected load. During soak tests, parameters such as memory utilization are monitored to detect memory leaks or other performance issues. The main aim is to discover the system's performance under sustained use.
      • Spike testing - Performed by suddenly increasing the number of users by a very large amount and measuring the performance of the system. The main aim is to determine whether the system will be able to sustain the workload.
  • 6. Security testing - Performed to verify whether the application is secure on the web, as data theft and unauthorized access are common issues. Below are some of the techniques to verify the security level of the system:
      • Injection
      • Broken Authentication and Session Management
      • Cross-Site Scripting (XSS)
      • Insecure Direct Object References
      • Security Misconfiguration
      • Sensitive Data Exposure
      • Missing Function Level Access Control
      • Cross-Site Request Forgery (CSRF)
      • Using Components with Known Vulnerabilities
      • Unvalidated Redirects and Forwards
  • Mobile Application Testing

    Mobile applications – an Overview
  • More and more consumers are using mobile / smart phones – so mobile applications are a great way to directly connect with customers. They connect with consumers in real time and therefore provide services anytime, anywhere.
  • Mobile applications can be categorized under communications, games, utilities, multimedia, productivity and travel based on their functionality.
  • From a technical point of view, mobile applications can be differentiated by the runtime environment they run in:
      • Operating systems such as Symbian, Windows Mobile and Linux platforms
      • Virtual machines such as .Net Mobile, Java/J2ME, BREW, Flash Lite and Silverlight
  • Note: This article discusses testing of Java/J2ME-based mobile applications, although a similar approach may be followed for testing mobile applications based on other platforms.

    Prerequisites for a Mobile Application Security Assessment
  • Installation file for the application (generic / device specific): A mobile application is usually distributed as a jar/jad file. The application jad/jar file may be different for different mobile models/makes and operating systems.
  • Emulator (generic / device specific): An emulator is a software application which allows a computer to run programs written for mobile devices.
  • You may use the J2ME emulator, which is generic. Many device-specific emulators are also freely downloadable.
  • If the jar / jad file doesn’t run on the generic emulator, it means it searches for device specifications which are not present in generic emulators. It is then a good idea to try emulating the application on device-specific emulators.

    Procedure
  • Mobile application security assessment follows the same step-by-step procedure as a normal application security assessment:
      • Threat Profiling
      • Test Planning
      • Test Execution
      • Reporting

    Categories of Applicable Tests
  • All the tests relevant to a thick client application can be applicable to mobile applications.
      • Authentication checks
      • Input Validation checks
      • Session Management checks
      • Encryption checks
      • Application checks
      • SQL injection checks
      • LDAP injection checks
      • XPATH injection checks

    Relevant Tools
  • Web Proxy editor / thick client proxy
  • Usually mobile applications communicate with the server using SMS or GPRS.
  • Special tools are required to intercept SMS traffic, and these may not be freely available. Furthermore, sending SMS to a server via an emulator is not possible as of now, so that may not be a viable option. It is easier to intercept GPRS traffic as GPRS uses HTTP. Thus GPRS requests and responses can be captured in any web proxy tool.
  • 2. Burp Web Proxy
  • In an emulator you can set the HTTP proxy in preferences > network settings or in settings etc.
  • If the emulator has no such option and the manifest / .ini / .config file contains the server URL, that URL can be replaced with http://127.0.0.1:8080 [can also try WebScarab as a reverse proxy].
  • You could also try hooking Echo Mirage to the emulator.exe by injecting into the process. [Try using Sysinternals to find the actual executable name.]
  • Memory reader like WinHex to read the executable’s memory for sensitive information such as User Id, Mpin etc.
  • Network protocol analyzer like Ethereal for sniffing packets
  • Process monitor [for files, registry, processes]
  • Registry key reading utility like UserAssist
  • DI hell [for listing out the .dll files called by the application]
  • Disassembler like SoftICE
  • Decompiler [decompiling .class files to .java files]
  • JADMaker [converts jar file to jad file]
  • 3. JADMaker
  • IDE for Java development like Eclipse with the EclipseME plug-in

    Alternative Tests
  • In the absence of an emulated environment, it might not be possible to capture requests in a proxy. As an alternative, architecture review and reverse engineering can be carried out.
  • Architecture Review
      • Study of the network architecture.
      • Identifying each component and its role during end-to-end communication.
      • Reviewing the encryption mechanism used and its implementation.
      • Channels used for communication.
      • Communication packet architecture and content.
      • Configuration of a client.
      • Information stored locally in [.db, .ini, .config, .dll, .rms, etc] files.
      • Read / modify information from locally stored files.
  • Reverse Engineering
      • Extract the constituent class files from the jar file.
      • Decompile the class files to obtain the source code.
      • Remove obfuscation from the obtained source code, if present.
      • Study the code for hard-coded sensitive information.
      • Write/modify code to defeat the validations/encryption.
      • Compile the modified code of the classes into a jar file.
      • Now try to emulate the application on the computer, using the new jar file.
      • If this succeeds, make a test plan according to the captured requests.
      • Execute the test plan.

    Future Improvement
  • Being able to achieve the following would overcome many of the obstacles faced while testing mobile applications:
      • Capturing SMS via a proxy tool
      • Bypassing SMS
      • Sending SMS to server from emulator.
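
The review steps above that look at locally stored files and at hard-coded sensitive information in the jar can be run as a repeatable audit of your own build artifacts. The following is an added example, not part of the original article; the archive contents, host names and match patterns are constructed for illustration.

```python
import io
import re
import zipfile

# Assumed patterns for this example: endpoint URLs, and credential-looking
# key/value pairs such as the User Id / Mpin values mentioned above.
URL_RE = re.compile(rb"https?://[A-Za-z0-9._:/?&=%-]+")
CRED_RE = re.compile(
    rb"(?i)\b(mpin|pin|passw(?:or)?d|pwd|user_?id|api_?key|secret)\b"
    rb"\s*[=:]\s*[^\s;,&\"']{3,}"
)
# Printable ASCII runs, like strings(1). Works on text resources and on
# binaries alike (.class constant pools, .rms/.db record stores).
STRINGS_RE = re.compile(rb"[\x20-\x7e]{4,}")


def scan_jar(jar_bytes):
    """Return sorted (entry, kind, detail) findings for a JAR/ZIP archive.

    Only literals stored as one string are caught (URLs with query
    parameters, config key/value lines). Secret values are never echoed:
    the report carries the key name and the URL without its query string.
    """
    findings = set()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            if info.is_dir():
                continue
            for run in STRINGS_RE.findall(jar.read(info)):
                for m in URL_RE.finditer(run):
                    url = m.group(0).decode()
                    kind = "cleartext-url" if url.startswith("http://") else "tls-url"
                    findings.add((info.filename, kind, url.split("?")[0]))
                for m in CRED_RE.finditer(run):
                    key = m.group(1).decode().lower()
                    findings.add((info.filename, "hardcoded-credential", key))
    return sorted(findings)


def _utf8(text):
    """Encode one CONSTANT_Utf8 constant-pool entry: tag 1, u2 length, bytes."""
    raw = text.encode()
    return b"\x01" + len(raw).to_bytes(2, "big") + raw


def build_sample_jar():
    """Constructed sample: a stub archive, not a loadable MIDlet."""
    class_stub = (
        b"\xca\xfe\xba\xbe\x00\x00\x00\x2f"
        + _utf8("http://bank.example.test/login?userid=demo&mpin=0000")
        + _utf8("Ljava/lang/String;")
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF",
                     "MIDlet-Name: DemoBank\nServer-URL: https://bank.example.test/api\n")
        jar.writestr("com/example/Login.class", class_stub)
        jar.writestr("settings.ini", "[client]\ntimeout=30\npassword = s3cret!\n")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, kind, detail in scan_jar(build_sample_jar()):
        print(f"{entry}: {kind}: {detail}")
```

A secret held as a separate field name and constant will not match these patterns; that case still needs the decompile-and-read step listed under Reverse Engineering.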

  • Source Code Analysis

  • Source code analysis is the automated testing of source code for the purpose of debugging a computer program or application before it is distributed or sold. Source code consists of statements created with a text editor or visual programming tool and then saved in a file. The source code is the most permanent form of a program, even though the program may later be modified, improved or upgraded.
  • Source code analysis can be either static or dynamic. In static analysis, debugging is done by examining the code without actually executing the program. This can reveal errors at an early stage in program development, often eliminating the need for multiple revisions later. After static analysis has been done, dynamic analysis is performed in an effort to uncover more subtle defects or vulnerabilities. Dynamic analysis consists of real-time program testing.
  • A major advantage of this method is the fact that it does not require developers to make educated guesses at situations likely to produce errors. Other advantages include eliminating unnecessary program components and ensuring that the program under test is compatible with other programs likely to be run concurrently.
  • Superior source code analysis offers greater security

  • As the enterprise today is under constant threat from malicious attacks, source code analysis has become a top priority. By reviewing internally developed applications before they are deployed and third-party software before it is purchased, enterprises can find and fix software vulnerabilities before they can be exploited for malicious purposes. Since security efforts have largely been successful in securing the enterprise perimeter, hackers and other malicious individuals have turned their attention to enterprise applications. Using embedded code or exploiting flaws in software, hackers gain control of company computers and get access to confidential information and customer records. Source code analysis is one of the security tools the enterprise can use to identify flaws and malicious code in applications before they are bought or deployed. But most source code analysis products are only partially helpful—they focus on source code which, as proprietary or intellectual property, is often not accessible for testing.

    Contact

    Address: Plot No. 1961-B, 4th Floor, Vijaya Complex, Asiad Colony, Thirumangalam, Anna Nagar West Extension, Chennai, Tamil Nadu, India - 600101. Phone: 044 65658585 Mobile: 098840 33369. (Above Indian Bank)

    Testimonial

    • Hari
      I have had a great experience in learning CEH certification training from ZYBEAK TECHNOLOGIES. I am really thankful to the team for their help and assistance in helping me to achieve the certification. I will recommend the institute and the Course for IT professionals who want to become Information Security Professionals.
      Thanks to ZYBEAK TECHNOLOGIES once again.

    • Pethu Raj
      I had a very good experience with ZYBEAK TECHNOLOGIES. The trainer was really good in explaining the various aspects of Cyber Security-SO.

    • Fiyaz
      I think Zybeak is the right place to complete my CEH Training and Certification. The IT Security support team guided me well to complete my Certification. Thanks to the Trainers.

    • Balaji
      Grateful to Zybeak Technologies and its team for being there and helping me build a diverse career with Information Security Training (CEH). It's been a fabulous, knowledgeable experience and one can feel the sense of belonging here. Professionalism, dedication and good ethics are some of the key points I have observed here. They have a habit of taking good care of everything and will provide a helping hand no matter what. I strongly recommend Zybeak for CEH.