Saturday, October 14, 2017

SANS SEC542 November 2017 - Tampa, FL

Tampa Florida! SANS SEC542 - Web Application Penetration Testing and Ethical Hacking is coming soon...

Class begins on November 13, 2017 (Monday through Saturday) when we will learn all about web app pen testing while preparing for the GIAC GWAPT (Web Application Penetration Tester) certification.



This is a six-day Community SANS event, complete with an attack/lab virtual machine, books, all class materials and a full day of Capture the Flag (CTF) on day six to drive home all of the concepts and tools.

This is certainly one of my favorite classes and I think one of the best parts about this class is the quality and quantity of the hands-on labs; we cover everything from Burp Suite and Command Injection to XSRF and ZAP! You keep the tools, you keep the custom VM, you keep the labs and you gain great experience... more details are below.

SECURITY 542: Web App Penetration Testing and Ethical Hacking: www.sans.org

We will be covering all of these topics and more:
  • Interception Proxies
    • ZAP (Zed Attack Proxy)
    • Burp Suite
  • SQL Injection
  • Logic Attacks
  • Metasploit
  • Reflected Cross-Site Scripting (XSS)
  • Stored Cross-Site Scripting (XSS)
  • Local File Inclusion (LFI)
  • Command Injection
  • Remote File Inclusion (RFI)
  • Cross-Site Request Forgery (XSRF)
  • Automated web app vulnerability scanning tools
  • Manual scanning techniques

If your job description falls under one of these categories and you have an affinity towards information security or a desire to learn how attackers are able to compromise web applications, then this class is for you:

  • General security practitioners
  • Penetration testers
  • Ethical hackers
  • Web application developers
  • Website designers and architects



Monday, July 31, 2017

Friday, June 30, 2017

Holiday Puzzler

I came across this at secureset.com (can't find the link anymore though):




Try and figure out what it is and when you do - share!

Sunday, May 21, 2017

SANS SEC542 August 2017 - Detroit, MI

Detroit Michigan! SANS SEC542 - Web Application Penetration Testing and Ethical Hacking is coming soon...

Class begins on August 7, 2017 (Monday through Saturday) when we will learn all about web app pen testing while preparing for the GIAC GWAPT (Web Application Penetration Tester) certification.



This is a six-day Community SANS event, complete with an attack/lab virtual machine, books, all class materials and a full day of Capture the Flag (CTF) on day six to drive home all of the concepts and tools.

This is certainly one of my favorite classes and I think one of the best parts about this class is the quality and quantity of the hands-on labs; we cover everything from Burp Suite and Command Injection to XSRF and ZAP! You keep the tools, you keep the custom VM, you keep the labs and you gain great experience... more details are below.

SECURITY 542: Web App Penetration Testing and Ethical Hacking: www.sans.org

We will be covering all of these topics and more:
  • Interception Proxies
    • ZAP (Zed Attack Proxy)
    • Burp Suite
  • SQL Injection
  • Logic Attacks
  • Metasploit
  • Reflected Cross-Site Scripting (XSS)
  • Stored Cross-Site Scripting (XSS)
  • Local File Inclusion (LFI)
  • Command Injection
  • Remote File Inclusion (RFI)
  • Cross-Site Request Forgery (XSRF)
  • Automated web app vulnerability scanning tools
  • Manual scanning techniques

If your job description falls under one of these categories and you have an affinity towards information security or a desire to learn how attackers are able to compromise web applications, then this class is for you:

  • General security practitioners
  • Penetration testers
  • Ethical hackers
  • Web application developers
  • Website designers and architects



Sunday, March 26, 2017

SANS SEC542 May 2017 - Chicago, IL

Chicago! SANS SEC542 - Web Application Penetration Testing and Ethical Hacking is coming soon...

Class begins on May 15, 2017 (Monday through Saturday) when we will learn all about web app pen testing while preparing for the GIAC GWAPT (Web Application Penetration Tester) certification.



This is a six-day Community SANS event, complete with an attack/lab virtual machine, books, all class materials and a full day of Capture the Flag (CTF) on day six to drive home all of the concepts and tools.

This is certainly one of my favorite classes and I think one of the best parts about this class is the quality and quantity of the hands-on labs; we cover everything from Burp Suite and Command Injection to XSRF and ZAP! You keep the tools, you keep the custom VM, you keep the labs and you gain great experience... more details are below.

SECURITY 542: Web App Penetration Testing and Ethical Hacking: www.sans.org

We will be covering all of these topics and more:
  • Interception Proxies
    • ZAP (Zed Attack Proxy)
    • Burp Suite
  • SQL Injection
  • Logic Attacks
  • Metasploit
  • Reflected Cross-Site Scripting (XSS)
  • Stored Cross-Site Scripting (XSS)
  • Local File Inclusion (LFI)
  • Command Injection
  • Remote File Inclusion (RFI)
  • Cross-Site Request Forgery (XSRF)
  • Automated web app vulnerability scanning tools
  • Manual scanning techniques

If your job description falls under one of these categories and you have an affinity towards information security or a desire to learn how attackers are able to compromise web applications, then this class is for you:

  • General security practitioners
  • Penetration testers
  • Ethical hackers
  • Web application developers
  • Website designers and architects



Saturday, February 25, 2017

SANS SEC542 April 2017 - Chicago, IL

Chicago! SANS SEC542 - Web Application Penetration Testing and Ethical Hacking is coming soon...

Class begins on April 3rd, 2017 (Monday through Saturday) when we will learn all about web app pen testing while preparing for the GIAC GWAPT (Web Application Penetration Tester) certification.



This is a six-day Community SANS event, complete with an attack/lab virtual machine, books, all class materials and a full day of Capture the Flag (CTF) on day six to drive home all of the concepts and tools.

This is certainly one of my favorite classes and I think one of the best parts about this class is the quality and quantity of the hands-on labs; we cover everything from Burp Suite and Command Injection to XSRF and ZAP! You keep the tools, you keep the custom VM, you keep the labs and you gain great experience... more details are below.

SECURITY 542: Web App Penetration Testing and Ethical Hacking: www.sans.org

We will be covering all of these topics and more:
  • Interception Proxies
    • ZAP (Zed Attack Proxy)
    • Burp Suite
  • SQL Injection
  • Logic Attacks
  • Metasploit
  • Reflected Cross-Site Scripting (XSS)
  • Stored Cross-Site Scripting (XSS)
  • Local File Inclusion (LFI)
  • Command Injection
  • Remote File Inclusion (RFI)
  • Cross-Site Request Forgery (XSRF)
  • Automated web app vulnerability scanning tools
  • Manual scanning techniques

If your job description falls under one of these categories and you have an affinity towards information security or a desire to learn how attackers are able to compromise web applications, then this class is for you:

  • General security practitioners
  • Penetration testers
  • Ethical hackers
  • Web application developers
  • Website designers and architects



Saturday, January 28, 2017

Upcoming Security Events

It's a busy time in the world of information security. Here are some upcoming events to be on the lookout for - two local events in Denver and two farther away:


  • RSA Conference 2017 - February 13th-17th in San Francisco. This is a huge event with a large number of great speakers.

  • SnowFROC - March 16th: Call for papers/speakers is open and sponsorship opportunities are also still available. This is the Front Range OWASP conference and it's going to be awesome! 

  • RMISC May 9th-11th: This also has an open call for presentations and should be a great time.

  • SANS SEC542 April 3rd-8th in Chicago. This is top-notch offensive security training with a focus on web applications.