Appsec Training

[0xdarkfloyd at gmail.com (Dark Floyd (0xdf))]

Hi Chris,

I believe your fellow could find the SEC542 course is useful. Even I have
already done pentest for several years, the first 3 days of the materials
focuses on beginner and tools manipulation. On day 4 and day 5, it is
related to Python programming, exploit framework, etc, particularly training
one to have more manual penetration test kungfu. The provided Ubuntu-based
VM could allow your mate to practise the tools, carrying out the lab
exercises. You could consider it is a good option indeed.

Regards,
Anthony Lai, Hong Kong

On Mon, Apr 12, 2010 at 10:15 PM, Chris Merkel <cmerkel at gmail.com> wrote:

> Looking for feedback on the relative value of the SANS Web App Sec 542. I
> have a fairly sharp analyst who is more familiar with the network /
> infrastructure side of things and does not have a development background
> (aside from CS in college ~6-7 years ago).
>
> I'd like some feedback from people who have taken the course, who also
> don't have strong development chops, and if you were able to apply that
> knowledge to successfully perform appsec assessments by way of
> black/grey/whitebox testing and/or code review.
>
> Thanks!
>
> --
> - Chris Merkel
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com



-- 
Regards,
Anthony LAI
Founder & Security Researcher
Valkyrie-X Security Research Group
"Offensive . Creative . Fun"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100413/183e6322/attachment.htm