WebApp Sec mailing list archives
[1/2OT] Training for web-apps and db security
From: Stef <stefmit () gmail com>
Date: Fri, 22 Jul 2005 10:40:33 -0500
Kind of OT, but couldn't find a better place to ask a group of professionals about such a subject:

I am looking into training one of the "geeks" in my group (by "geek" I mean: open-minded, very good at everything (IT-related) he gets his hands on, be it OS, apps, network gear, etc., good programmer, but also capable of understanding network applications behavior in multi-tier environments, etc.) in a very specific security area. Here are the requirements:

- all the applications are part of Oracle E-business suite
- all the clients - thus - have either a simple browser-based type of interaccess with a proxy I set up in front of the Oracle servers, or a slightly "thicker" interaction, via a "Java client" (jinitiator), with an Oracle front-end server (called web/forms server)
- the back-end consists in communication between the web/forms server and a multitude of database and analytical/processing servers

Having described the above (very briefly, for those intimate with the Oracle suite), I have in my mind the following type of security training:

- heavy in Java and "web" apps
- Apache, Squid security
- MS IE and MS or Sun JVM security (not really sure if worth ... but just to make the list)
- Oracle DB security training

NOTE: This person is NOT to take charge of the specific servers running those apps (we have the security team for those - which are all HP-UX, or Linux based), and the minimal interaction with the underlying OS components can be handled with the level of knowledge right now.

I am - personally - a big SANS fan (hold multiple certifications with them, as a result), and they have an offering for Oracle security (which I would be tempted to try), but I am not aware of any web-based apps comprehensive security training. Another option (also based on some personal experience) would have been some graduate level security courses, at a reputable institution, but those seem to take forever, for someone who plans [almost] immediate specific results, vs. a well-rounded, long-term degree (which is the case for my techno-geek ;)).

I would really appreciate directions and - most of all - personal experience of such. I would also appreciate any comments about my list of needed know-how, in case someone like you has stumbled across "things you should have learned in school, had you been paying attention" ;)

TIA,
Stef