
Thread: Foundstone NY Hack Class

  1. #1
    Senior Member
    Join Date
    May 2002
    Posts
    390

    Foundstone NY Hack Class

    Foundstone puts on a great class. However, it's a little over $3000. I can't go cause I'm poor, but if someone else would like to go and *hint take notes and post them on AO, it would be appreciated.

    http://www.foundstone.com/services/u...-web-apps.html

    Cost--> $3295
    Course Length--> 3 days
    Upcoming Course Dates and Locations -->11/19/02 - 11/21/02, New York, NY

    The security industry has moved to the next level in the “arms race” between hackers and corporations. Most companies have locked down their Internet hosts at the network and host level by blocking network-borne attacks with firewalls and keeping hosts patched from vulnerabilities. As it has become more difficult to attack corporations using published vulnerabilities, many skilled hackers are switching to attacking web vulnerabilities in applications. Flaws in the design and implementation of application software have fallen through the cracks of the security reviews of most companies, and this is where hackers are focusing their efforts.

    Foundstone has responded to this shift by providing application security assessments for numerous corporations over the past few years. Through our experience, we have identified common security flaws in many applications and have formulated countermeasures to defend against these types of attacks. The result, Foundstone’s new “Ultimate Hacking: Secure Coding”, is a course designed to address security problems in application code during the development cycle to prevent security flaws from creeping into applications.

    What will you learn?
    Unique in the security-training industry, “Ultimate Hacking: Secure Coding” will teach you how to design and implement secure applications. The course will teach you the best current security practices used in designing applications. Foundstone will identify common security pitfalls that should be avoided in building applications. Details of how buffer overflow exploits, cross-site scripting, SQL injection, and input validation attacks work will be taught. We also show you a few automated tools that can be used to help audit whether secure programming has been practiced.

    Why Do We Teach This?
    Foundstone firmly believes that corporations should take a proactive stance against attacks. By designing security into an application, most attacks can be thwarted.

    Who Teaches the Class?
    Instructors are comprised of Foundstone's management team and training staff. Collectively, they have performed hundreds of Web and e-commerce security assessments, managing security programs at the Big 5 accounting firms, the United States Air Force, and on Wall Street. Foundstone instructors authored the best-selling Hacking Exposed: Network Security Secrets & Solutions, one of the industry's most popular and respected computer-security guides.

    Who Should Take the Course?
    Security personnel, auditors, web designers, and project managers interested in application security should take this course. The course is highly technical and will go into detail on topics such as buffer overflows, input validation, cross site scripting, and SQL injection. Code snippets will be introduced during the class and knowledge of C and C++ programming languages is required.

    Topics
    • Authentication
    • Authorization
    • Buffer Overflow Attacks
    • Format String Vulnerabilities
    • Input Validation
    • SQL Injection
    • Cross Site Scripting
    • Canonicalization
    • Best Practices
    • Security Testing
    • Code Reviews
    • Tools

    Lab Exercises
    Code snippets will be introduced throughout the class and students will be expected to identify security bugs in the code
    just like water off a duck's back... I AM HERE.

    for CMOS help, check out my CMOS tut?

  2. #2
    Senior Member
    Join Date
    Aug 2002
    Posts
    310
    The basic idea of the whole thing sounds pretty good, but $3000 for a three day course (not to mention travel expenses which are going to tack on at least another $1000+) Kiss my a55!!!
    They have 12 topics listed, and three days to cover them. I don't see them going into too much depth. Not to mention if one competent person goes to this class, takes notes, and posts them (which will happen I'm sure) then that's all that money down the drain. It sounds like a scam to me.
    [shadow]I don't believe in anarchy. If you're not smart enough to beat the system it's your problem. [/shadow]


  3. #3
    Senior Member
    Join Date
    May 2002
    Posts
    390
    no, it's not a scam. heck, Microsoft charges around the same price for their classes.....

    Foundstone really knows what they are doing. if interested in what exactly they do know, you can get a good idea from their website www.foundstone.com and check out their knowledge section (also where you get fport and other free tools) and their education section.

  4. #4
    Senior Member
    Join Date
    Oct 2002
    Posts
    181
    You might as well buy "Hacking Exposed Web Applications", but that only costs $50 in the US, £35 in the UK. It covers everything they do, also in about the same order.

    This is no surprise when you find the main author Joel Scambray is Managing Principal at Foundstone Inc. Mike Shema, Yen-Ming Chen, David Wong, the other authors, also work for Foundstone Inc.

    However, saying that, it is probably the best book on web application security I know, so I guess that the course would be very good. But I will stick with the book and spend the $3245 I saved on a motorbike or a holiday.

    SittingDuck
    I'm a SittingDuck, but the question is "Is your web app a Sitting Duck?"

  5. #5
    AHH just read computer manuals, around 10$ each. I'm sure it's a good class but still...

  6. #6
    Senior Member
    Join Date
    May 2002
    Posts
    390
    yeah, it's gotta be a great class.
    but it's definitely for someone who is in a corporation and gets reimbursed or gets the class covered by the corporation somehow. the little guy isn't going to be able to do this, especially since there are more classes coming up.

    Ultimate Hacking: Secure Coding, New York
    November 19-21, 2002
    A three day, in-depth study on building secure applications for developers. Learn how to design secure systems and avoid common programming missteps.

    Ultimate Hacking: Principles of Security, New York
    December 3-6, 2002
    Taught by Foundstone’s elite consultants and specifically tailored for I.T. administrators and consultants that are new to the security area.

    Ultimate Hacking: Expert, New York
    December 17-19, 2002
    A three day, technically intense class designed for the advanced security engineer. This course represents the pinnacle of Foundstone’s Ultimate Hacking lineup.

  7. #7
    Senior Member
    Join Date
    Apr 2002
    Posts
    380
    I think we should suggest Microsoft sends ALL of their Coders to ALL of these classes
    [shadow]Scorp666, the Infamous Orgasmatron[/shadow]
