Monday, April 30, 2018

SpyderSec Apprenticeship Program

SpyderSec is exploring offering an apprenticeship program. More details to come...

Friday, March 30, 2018

Upcoming Security Events

It's (always) a busy time in my world, here are some upcoming events to be on the lookout for - all of which I speaking at or teaching:

  • SANS Webcast -  Tuesday, May 1st, 2018 at 1:00 PM EDT (BreakingPoint: A Multi-Function Tool for Application and Security Testing)

  • HACK NYC 2018 - New York , NY | Tue May 08 -  Thu 10, 2018 (SPEAR PHISHING: A BEHIND THE SCENES LOOK May 8th 01:15 PM - 01:45 PM)

  • RMISC - Denver, CO | Tue May 08 -  Thu 10, 2018 (G1. Rock Your Next Web Application Penetration Test May 10th 2:00 PM - 3:00 PM )

  • SANS Rocky Mountain - Denver, CO | Mon, Jun 4 - Sat, Jun 9, 2018 (Getting the Most Out of Burp Suite Pro Thursday, June 7th, 7:15pm - 8:15pm)

Tuesday, February 20, 2018

SnowFROC - All questions answered!

We are only a couple of weeks away from SnowFROC 2018 so I thought I would take a moment to talk about it.

What is SnowFROC?
Simply put, SnowFROC is Denver’s premier Application Security Conference. This is not a typical conference however; to be blunt it is more intimate and has better food (seriously) than other events you may visit. The venue holds no more than about 500 people and being a one day only event means you get the best we have to offer in an 8 hour day.

Who is this for and who will be there?
Presentations and training are not solely focused on application security. SnowFROC is primarily geared towards three types of individuals:

  • Information Security Leadership; which is a prominent track with several interesting presentations to choose from
  • Security Engineers and Developers; with 9 scheduled presentations on topics ranging from Threat Modeling IoT Systems to attacking mobile apps and automation with DevOps
  • Learners seeking to train hands-on; Three labs are included with the purchase of a training ticket and include: Crypto, Attacking WIFI and a lab based on the Equifax breach
John Strand is delivering the Keynote, world-class speakers are flying in to give their presentations and the panel at the end of the day is comprised of leaders in the industry. 

Where is SnowFROC located?
Being the "Front Range OWASP Conference", SnowFROC is based in Denver Colorado. The location of this event is The Cable Center on the University of Denver campus near I-25 and University.

When does this event take place?
This is a one day only event and takes place from 8AM to 5:30PM on Thursday March 8th 2018.

How much does it cost?
General Admission is $70.00 per person. If you want to attend the hands-on training (on going all day) you will need to purchase an additional ticket at $25.00 (for a total of $95.00).

Why would I want to attend?
Because the scheduled presentations are exciting
Because the speakers are excellent
Because you know a great deal when you see one
Because taking a day off of work to be educated, fed well and learn a lot is a great idea
Because $95 for a day of hands-on training is a spectacular value
To network and get to know Denver's security community better
Because you are coming from out of town and it's Denver...

Registration, schedule of events and additional information is at

What else should I know?
Training is limited to the first 100 people to register. Parking, breakfast, lunch, happy hour, access to all talks (though they run concurrently) and panel discussions is all included with general admission pricing. Tickets are expected to sell out, get yours now!

Tuesday, January 2, 2018

SANS SEC542 March 2018 - Portland

Portland Oregon! SANS SEC542 - Web Application Penetration Testing and Ethical Hacking is coming soon...

Class begins on March 5, 2018 when we will learn all about web app pen testing while preparing for the GIAC GWAPT (Web Application Penetration Tester) certification.

This is a six day Community SANS event, complete with an attack/lab virtual machine, books, all class materials and a full day of Capture the Flag (CTF) on day six to drive home all of the concepts and tools.

This is certainly one of my favorite classes and I think one of the best parts about this class is the quality and quantity of the hands-on labs; we cover everything from Burp Suite and Command Injection to XSRF and Zap! You keep the tools, you keep the custom VM, you keep the labs and you gain great experience... more details are below.

SECURITY 542: Web App Penetration Testing and Ethical Hacking:

We will be covering all of these topics and more:
  • Interception Proxies
    • ZAP (Zed Attack Proxy)
    • Burp Suite
  • SQL Injection
  • Logic Attacks
  • Metasploit
  • Reflected Cross-Site Scripting (XSS)
  • Stored Cross-Site Scripting (XSS)
  • Local File Inclusion (LFI)
  • Command Injection
  • Remote File Inclusion (RFI)
  • Cross-Site Request Forgery (XSRF)
  • Automated web app vulnerability scanning tools
  • Manual scanning techniques
If your job description falls under one of these categories and you have an affinity towards information security or a desire to learn how attackers are able to compromise web applications, then this class is for you:

  • General security practitioners
  • Penetration testers
  • Ethical hackers
  • Web application developers
  • Website designers and architects