FYI - SANs Conference on Web Application security.
Debbie
Merit Network is pleased to host an interactive video presentation
of the SANS Institute's Security 519 course, "Web Applications and
Security Workshop." The workshop will be held Tuesday and Wednesday,
December 18-19, 2007 at the MITC Conference Center in Ann Arbor,
from 9:00 a.m. to 5:00 p.m. each day. The workshop will be of value
to anyone interested in techniques for securing Web applications.
In this innovative presentation, the SANS course will be delivered
via interactive teleconference to several participating sites across
the U.S. The course will be presented by a SANS instructor, using
the same content used in an in-person seminar, and attendees will be
able to interact with the instructor and with other participating
sites. A full course description appears later in this message.
The registration fee for the two-day seminar is $700, compared to
its typical price of $2145 when delivered in a classroom setting.
This is a unique opportunity to engage in very high-quality security
training at a tremendous savings. In accordance with the SANS
Institute's policies, the reduced price is available only to
attendees from educational institutions and state and local
governments. Others may attend for the retail price of $2145.
Attendees should bring a laptop computer. Continental breakfast and
beverages will be provided.
Registration
------------
Registration is available now at:
http://www.merit.edu/events/sans519
For more information, please contact [log in to unmask]
Details about the course
------------------------
SANS SECURITY 519
Web Application Security Workshop
From a mere 26 Web servers operating in November 1992 growing to
well over 100 million Web sites today, we have come a long way in
Web technology over a short period of time. Today, almost every
organization has its own Web site for conducting business
transactions or other critical functions. And for many companies,
their online presence has become a major revenue generator.
As everyone jumps on the bandwagon to do business on the Web, many
problems can arise which are directly related to the security
aspects of Web applications. The adage "where there is money, there
is crime" has become true on a daily basis as we see credit cards
and other financial data compromised through Web application
vulnerabilities. And that is not even the full extent of the problem
because Web-based malware and worms are still spreading in the wild.
How do you protect your Web applications? Our Web application
security workshop is a 2-day hands-on, action packed course covering
the common vulnerabilities that are leveraged by attackers, the
principles of securing Web applications, and general defense
techniques to protect against future attacks. This course will help
you understand the mechanics of the components necessary for
effective Web application security which will then enable you to
properly defend your organization's assets.
This course is particularly well suited to developers, QA analysts,
and infrastructure security professionals who have an interest in
exploring the Web application security world. With the information
you learn in this class, you will be able to perform basic security
testing on Web applications, as well as architect, design and
develop more secure Web applications.
* Who Should Attend
o Web application system and security administrators
o QA analysts who want to learn the mechanics of web
applications for better testing
o Anyone interested in techniques for securing Web
applications
* Sampling of topics
o Securing web application architectures and
infrastructures
o Cryptography
o Authentication
o Access control
o Session mechanism
o Web application logging
o Input issues and validation
o SQL injection
o Cross-Site Scripting
o Phishing
o HTTP Response Splitting
o Cross-Site Request Forgery
About the instructor: Johannes Ullrich
--------------------------------------
The course will be taught by Johannes Ullrich, Chief Research
Officer for the SANS Institute. Ullrich is currently responsible for
the SANS Internet Storm Center (ISC) and the GIAC Gold program. He
founded DShield.org in 2000, which is now the data collection engine
behind the ISC. His work with the ISC has been widely recognized,
and in 2004, Network World named him one of the 50 most powerful
people in the networking industry. Prior to working for SANS, he
worked as a lead support engineer for a web development company and
as a research physicist. Johannes Ullrich holds a Ph.D. in Physics
from SUNY Albany and is located in Jacksonville FL.
About SANS
----------
The SANS Institute (http://www.sans.org) is the most trusted and by
far the largest source for information security training and
certification in the world. It also develops, maintains, and makes
available at no cost, the largest collection of research documents
about various aspects of information security, and it operates the
Internet's early warning system - Internet Storm Center. SANS also
sponsored the creation of GIAC, http://www.giac.org, a leading
industry security certification. The SANS (SysAdmin, Audit, Network,
Security) Institute was established in 1989 as a cooperative
research and education organization. Its programs now reach more
than 165,000 security professionals around the world. A range of
individuals from auditors and network administrators, to chief
information security officers are sharing the lessons they learn and
are jointly finding solutions to the challenges they face. At the
heart of SANS are the many security practitioners in varied global
organizations from corporations to universities working together to
help the entire information security community.
=========================================================
