On Jul 13, 2008, at 1:18 AM, Jimmy Liang wrote:
> Hello,
>
> I'm looking at expanding my security knowledge and am looking for
> recommendations on training courses. I've had a few years of Windows
> and Solaris admin experience managing 30 or so 24/7 systems, and
> minimal web application development. I know the basic concept of SQL
> injection and CRLF injection, but wouldn't know how to actually
> apply it in real life.
>
> I've been looking at the Foundstone courses, specifically, the
> "Ultimate Hacking: Expert" course. This is mainly because the
> regular "Ultimate Hacking" and "Ultimate Web Hacking" courses are
> not offered in my area any time soon. I'm a little concerned that
> the course description says that advanced Unix and Windows knowledge
> is required? What does advanced mean?
>
> Anyone else have other recommendations on classes? I learn best with
> hands-on training with a live instructor.
>
> Any recommendations are greatly appreciated.
Hi-
Full disclosure, I am the author of the course I am about to mention.
I recommend Security 542 Web App Pen-Testing In-Depth from SANS. It
is a four-day hands-on class that doesn't just teach you the different
types of exploits. It actually helps you learn a methodology. The
class uses real-world applications that contain flaws and I believe it
is the best class of its type around. If you would like more
information, either visit http://www.sans.org or feel free to write me
at my main email address, kevin (at) intelguardians (dot) com
Kevin