FYI - SANs Conference on Web Application security. Debbie Merit Network is pleased to host an interactive video presentation of the SANS Institute's Security 519 course, "Web Applications and Security Workshop." The workshop will be held Tuesday and Wednesday, December 18-19, 2007 at the MITC Conference Center in Ann Arbor, from 9:00 a.m. to 5:00 p.m. each day. The workshop will be of value to anyone interested in techniques for securing Web applications. In this innovative presentation, the SANS course will be delivered via interactive teleconference to several participating sites across the U.S. The course will be presented by a SANS instructor, using the same content used in an in-person seminar, and attendees will be able to interact with the instructor and with other participating sites. A full course description appears later in this message. The registration fee for the two-day seminar is $700, compared to its typical price of $2145 when delivered in a classroom setting. This is a unique opportunity to engage in very high-quality security training at a tremendous savings. In accordance with the SANS Institute's policies, the reduced price is available only to attendees from educational institutions and state and local governments. Others may attend for the retail price of $2145. Attendees should bring a laptop computer. Continental breakfast and beverages will be provided. Registration ------------ Registration is available now at: http://www.merit.edu/events/sans519 For more information, please contact [log in to unmask] Details about the course ------------------------ SANS SECURITY 519 Web Application Security Workshop From a mere 26 Web servers operating in November 1992 growing to well over 100 million Web sites today, we have come a long way in Web technology over a short period of time. Today, almost every organization has its own Web site for conducting business transactions or other critical functions. And for many companies, their online presence has become a major revenue generator. As everyone jumps on the bandwagon to do business on the Web, many problems can arise which are directly related to the security aspects of Web applications. The adage "where there is money, there is crime" has become true on a daily basis as we see credit cards and other financial data compromised through Web application vulnerabilities. And that is not even the full extent of the problem because Web-based malware and worms are still spreading in the wild. How do you protect your Web applications? Our Web application security workshop is a 2-day hands-on, action packed course covering the common vulnerabilities that are leveraged by attackers, the principles of securing Web applications, and general defense techniques to protect against future attacks. This course will help you understand the mechanics of the components necessary for effective Web application security which will then enable you to properly defend your organization's assets. This course is particularly well suited to developers, QA analysts, and infrastructure security professionals who have an interest in exploring the Web application security world. With the information you learn in this class, you will be able to perform basic security testing on Web applications, as well as architect, design and develop more secure Web applications. * Who Should Attend o Web application system and security administrators o QA analysts who want to learn the mechanics of web applications for better testing o Anyone interested in techniques for securing Web applications * Sampling of topics o Securing web application architectures and infrastructures o Cryptography o Authentication o Access control o Session mechanism o Web application logging o Input issues and validation o SQL injection o Cross-Site Scripting o Phishing o HTTP Response Splitting o Cross-Site Request Forgery About the instructor: Johannes Ullrich -------------------------------------- The course will be taught by Johannes Ullrich, Chief Research Officer for the SANS Institute. Ullrich is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. He founded DShield.org in 2000, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, he worked as a lead support engineer for a web development company and as a research physicist. Johannes Ullrich holds a Ph.D. in Physics from SUNY Albany and is located in Jacksonville FL. About SANS ---------- The SANS Institute (http://www.sans.org) is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - Internet Storm Center. SANS also sponsored the creation of GIAC, http://www.giac.org, a leading industry security certification. The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the world. A range of individuals from auditors and network administrators, to chief information security officers are sharing the lessons they learn and are jointly finding solutions to the challenges they face. At the heart of SANS are the many security practitioners in varied global organizations from corporations to universities working together to help the entire information security community. =========================================================