We are looking for an instructor that could teach secure
programming practices for developing Web applications. Instructor
would be responsible for developing the course and presenting
it to classes that we would host. Excellent side job that permits
you to keep your existing job, but enables you to have job alternatives
as the number and size of classes grow (not to mention extra income to
invest in Cisco stock!!!).

The attached classification chart is an excellent start to an
outline of the class. Good work whomever developed it!!!

Interested parties MUST have excellent person-to-student communication
capabilities because the students you will be instructing are generally
from 6-month to 1-year Institutes and Community Ed type settings.

For more info, please contact myself.

Michael Endrizzi
InterSec Communications, Inc.
mjeintersec.com
General: 651-310-1551
Direct: 651-365-9941

CLASSIFICATION OF VULNERABILITIES
=================================

Informational
-------------

This class of vulnerabilities describes issues that allow an attacker to
obtain more information about the system than is intended or desired².

Comments
Identifying Characteristics
Error Codes
Forceful Browsing

Input Validation
----------------

³This class of vulnerabilities describes issues that allow an attacker
to
create input to a system which will be processed to his/her advantage².

Circumventing Validation (client side manipulation)
Unicode Encoded Strings
URL Encoded Strings
OS Commands
Direct SQL Commands
Buffer Overflows
Path Traversal
Cross-Site Scripting
Format Strings
Null Characters
Meta Characters

Session Management
------------------

³This class of vulnerabilities describes issues that arise from
improperly
designed session management systems.²

Page Sequencing
Session Hi-Jacking
Session Replay
Man in the Middle Attacks

Authentication
--------------

³This class of vulnerabilities describes issues that arise from
improperly
designed authentication systems.²

Brute force (totally offline attack)
Interrogative adversary (adaptive chosen message attack)
Passive eavesdropper (listen, but can't modify network)
Active eavesdrops (total control of the network)

Parameter Manipulation
----------------------

³This class of vulnerabilities describes issues that allow an attacker
to
manipulate input parameters to a system which will be processed to
his/her
advantage².

URL Manipulation
Hidden Form Field Manipulation
Cookie Manipulation
Serialized Object Manipulation

Privacy Violations
------------------

³This class of vulnerabilities describes issues where users personal
data
maybe visible to others than the intended user.²

Browser Cache
Browser History
Auto-completes
Client IP Tracking
Referer

Mis-configurations
------------------

³This class of vulnerabilities describes issues resulting from
improperly
configured settings for any component in the system.²

Vendor Patches
Default Accounts

Backdoors
---------

³This class of vulnerabilities describes additional functionality of a
system not designed to be accessed by regular users.²

Debug Commands
Covert Channels

Trojans
-------

³This class of vulnerabilities describes foreign components designed to
subvert the system or user security².

Malicious mobile code
Application Trojans
Data Tainting

Michael Endrizzi
InterSec Communications, Inc.
mjeintersec.com
General: 651-310-1551
Direct: 651-365-9941

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]