[unisog] SANS Sec542 Web Pen Testing Course at Brown University

Fletcher, Robert Robert_Fletcher at Brown.edu
Tue Sep 15 23:12:15 GMT 2009

Regretfully, it became necessary last week to reschedule the class. The
class is now scheduled for January 11 - 16, 2010. I apologize for any
inconvenience this may cause.

The revised web link is:

Bob Fletcher
(401) 863-7290

"What gets us into trouble is not what we don't know, it's what we know for
sure that just ain't so"
- Mark Twain

-----Original Message-----
From: unisog-bounces at lists.dshield.org
[mailto:unisog-bounces at lists.dshield.org] On Behalf Of Wayne J. Hauber
Sent: Monday, September 14, 2009 10:42 AM
To: UNIversity Security Operations Group
Subject: Re: [unisog] SANS Sec542 Web Pen Testing Course at Brown University

At 04:55 PM 8/30/2009, you wrote:
>Content-class: urn:content-classes:message
>Content-Type: multipart/signed; micalg=SHA1;
>         boundary="----=_NextPart_000_0004_01CA299B.0295C580";
>         protocol="application/x-pkcs7-signature"
>Monday, October 5, 2009 through Saturday, October 10, 2009, Brown
>will be hosting SANS Security 542 "Web App Penetration Testing and Ethical

A question about dates. You mention October in your e-mail to unisog. 
The web page says January 2010. Which is right?

Wayne Hauber

>About the class:
>Web applications are a major point of vulnerability in organizations today.
>Web app holes have resulted in the theft of millions of credit cards, major
>financial and reputational damage for hundreds of enterprises, and even the
>compromise of thousands of browsing machines that visited Web sites altered
>by attackers. To learn how to prevent such exploits, students in this
>intermediate to advanced level class, will:
>* Learn the art of exploiting Web applications so they can find flaws in
>their enterprise's Web apps before the bad guys do. Through detailed,
>hands-on exercises students are taught the four-step process for Web
>application penetration testing.
>* Inject SQL into back-end databases, learning how attackers exfiltrate
>sensitive data.
>* Utilize Cross-Site Scripting attacks to dominate a target infrastructure
>in our unique hands-on laboratory environment.
>* Explore various other Web app vulnerabilities in depth with
>techniques for finding them using a structured testing regimen.
>* In short, learn the tools and methods of the attacker, so that they can
>become powerful defenders.
>Recommended for:
>General security practitioners, as well as Web site designers, architects,
>and developers, who'll benefit from learning the practical art of Web
>application penetration testing.
>Bob Fletcher
>IT Security Engineer
>CIS Information Security Group
>Brown University
>unisog mailing list
>unisog at lists.dshield.org

Wayne Hauber (515) 294-9890
Information Technology Services
IT Security and Policies
297 Durham Center, ISU, Ames, Iowa 50011
wjhauber at iastate.edu  

unisog mailing list
unisog at lists.dshield.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3094 bytes
Desc: not available
Url : http://lists.sans.org/pipermail/unisog/attachments/20090915/c3ad6b31/attachment.bin 

More information about the unisog mailing list