WebApp Sec mailing list archives
RE: looking for advanced web hacking course
From: "Glyn Geoghegan" <glyng () corsaire com>
Date: Wed, 12 Nov 2003 13:44:30 +1000
Hi Tim, I think that's a little harsh, but you do have a good point ;) I believe you're probably right if the claim is that anyone can walk in to a classroom for 2 days with no knowledge and walk out as an application assessment expert. A course *can* outline the types of issues present in web-applications, and provide a structured approach or methodology for identifying if the problems exist in a sample environment. It shouldn't be pitched as an entry level course, however. The pre-requisites should include an understanding of security and web application development, of course. In our experience, it is not that web-developers or security testers are not able to analyse the security of a web app. More often it's that that don't have a basis to apply or expand their existing knowledge (e.g. of how their applications may be abused or infrastructure penetration testing) and grow in the right areas. Our approach has generally been to construct workshops and Q&A sessions with groups of developers and/or security staff within an organisation using their own environment and applications as a framework for teaching and knowledge share. Ultimately tho, the real key to learning about web application security and assessments is to read the various lists, papers and guides out there and apply that knowledge in (authorised) real-world situations. Formal or bespoke training can provide a basis for that, and an introduction. It's up to the candidate to make sure they have met the pre-requisites. Regards, Glyn.
-----Original Message----- From: Tim Greer [mailto:chatmaster () charter net] Sent: 12 November 2003 13:01 To: Pheebee Buffe Cc: webappsec () securityfocus com Subject: Re: looking for advanced web hacking course On Sat, 2003-11-08 at 07:36, Pheebee Buffe wrote:All, Anyone know of good, hands-on advanced web hacking course? Regards.There is no such thing. And if anyone claims otherwise, they are wanting your money. This would encompass too much, you are basically going to need to learn how to program, learn where, how and why exploits work. -- Tim Greer <chatmaster () charter net>
Current thread:
- looking for advanced web hacking course Pheebee Buffe (Nov 11)
- Re: looking for advanced web hacking course Tim Greer (Nov 11)
- RE: looking for advanced web hacking course Glyn Geoghegan (Nov 13)
- RE: looking for advanced web hacking course Tim Greer (Nov 13)
- Re: looking for advanced web hacking course Bill Pennington (Nov 13)
- Re: looking for advanced web hacking course Tim Greer (Nov 13)
- Re: looking for advanced web hacking course The Crocodile (Nov 13)
- RE: looking for advanced web hacking course Glyn Geoghegan (Nov 13)
- Re: looking for advanced web hacking course minime (Nov 13)
- Re: looking for advanced web hacking course A.D.Douma (Nov 13)
- Re: looking for advanced web hacking course Mr. Rufus Faloofus (Nov 14)
- Re: looking for advanced web hacking course Jarmo Joensuu (Nov 14)
- Re: looking for advanced web hacking course A.D.Douma (Nov 13)
- <Possible follow-ups>
- RE: looking for advanced web hacking course latte1 (Nov 13)
- RE: looking for advanced web hacking course Cuthbert, Daniel (Nov 13)
(Thread continues...)
- Re: looking for advanced web hacking course Tim Greer (Nov 11)