RE: looking for advanced web hacking course
From: Glyn Geoghegan (glyngcorsaire.com)
Date: Tue Nov 11 2003 - 21:44:30 CST
I think that's a little harsh, but you do have a good point ;)
I believe you're probably right if the claim is that anyone can walk in
to a classroom for 2 days with no knowledge and walk out as an
application assessment expert.
A course *can* outline the types of issues present in web-applications,
and provide a structured approach or methodology for identifying if the
problems exist in a sample environment. It shouldn't be pitched as an
entry level course, however.
The pre-requisites should include an understanding of security and web
application development, of course.
In our experience, it is not that web-developers or security testers are
not able to analyse the security of a web app. More often it's that
they don't have a basis to apply or expand their existing knowledge
(e.g. of how their applications may be abused or infrastructure
penetration testing) and grow in the right areas.
Our approach has generally been to construct workshops and Q&A sessions
with groups of developers and/or security staff within an organisation
using their own environment and applications as a framework for teaching
and knowledge share.
Ultimately tho, the real key to learning about web application security
and assessments is to read the various lists, papers and guides out
there and apply that knowledge in (authorised) real-world situations.
Formal or bespoke training can provide a basis for that, and an
introduction. It's up to the candidate to make sure they have met the
> -----Original Message-----
> From: Tim Greer [mailto:chatmastercharter.net]
> Sent: 12 November 2003 13:01
> To: Pheebee Buffe
> Cc: webappsecsecurityfocus.com
> Subject: Re: looking for advanced web hacking course
> On Sat, 2003-11-08 at 07:36, Pheebee Buffe wrote:
> > All,
> > Anyone know of good, hands-on advanced web hacking course?
> > Regards.
> There is no such thing. And if anyone claims otherwise, they
> are wanting your money. This would encompass too much, you
> are basically going to need to learn how to program, learn
> where, how and why exploits work.
> Tim Greer <chatmastercharter.net>