Foundstone puts on a great class. However, it's a little over $3000. I can't go 'cause I'm poor, but if someone else would like to go and *hint* take notes and post them on AO, it would be appreciated.

http://www.foundstone.com/services/u...-web-apps.html

Cost--> $3295
Course Length--> 3 days
Upcoming Course Dates and Locations -->11/19/02 - 11/21/02, New York, NY

The security industry has moved to the next level in the “arms race” between hackers and corporations. Most companies have locked down their Internet hosts at the network and host level by blocking network-borne attacks with firewalls and keeping hosts patched from vulnerabilities. As it has become more difficult to attack corporations using published vulnerabilities, many skilled hackers are switching to attacking web vulnerabilities in applications. Flaws in the design and implementation of application software have fallen through the cracks of the security reviews of most companies, and this is where hackers are focusing their efforts.

Foundstone has responded to this shift by providing application security assessments for numerous corporations over the past few years. Through our experience, we have identified common security flaws in many applications and have formulated countermeasures to defend against these types of attacks. The result, Foundstone’s new “Ultimate Hacking: Secure Coding”, is a course designed to address security problems in application code during the development cycle to prevent security flaws from creeping into applications.

What will you learn?
Unique in the security-training industry, “Ultimate Hacking: Secure Coding” will teach you how to design and implement secure applications. The course will teach you the best current security practices used in designing applications. Foundstone will identify common security pitfalls that should be avoided in building applications. Details of how buffer overflow exploits, cross-site scripting, SQL injection, and input validation attacks work will be taught. We also show you a few automated tools that can be used to help audit whether secure programming has been practiced.

Why Do We Teach This?
Foundstone firmly believes that corporations should take a proactive stance against attacks. By designing security into an application, most attacks can be thwarted.

Who Teaches the Class?
Instructors are comprised of Foundstone's management team and training staff. Collectively, they have performed hundreds of Web and e-commerce security assessments, managing security programs at the Big 5 accounting firms, the United States Air Force, and on Wall Street. Foundstone instructors authored the best-selling Hacking Exposed: Network Security Secrets & Solutions, one of the industry's most popular and respected computer-security guides.

Who Should Take the Course?
Security personnel, auditors, web designers, and project managers interested in application security should take this course. The course is highly technical and will go into detail on topics such as buffer overflows, input validation, cross site scripting, and SQL injection. Code snippets will be introduced during the class and knowledge of C and C++ programming languages is required.

Topics
• Authentication
• Authorization
• Buffer Overflow Attacks
• Format String Vulnerabilities
• Input Validation
• SQL Injection
• Cross Site Scripting
• Canonicalization
• Best Practices
• Security Testing
• Code Reviews
• Tools

Lab Exercises
Code snippets will be introduced throughout the class and students will be expected to identify security bugs in the code.