Tag Archives: SANS

Teaching SANS SEC542: Web App Penetration Testing and Ethical Hacking in St. Louis July 8-13

Filed under Application Security, Penetration Testing

Just a quick update to let everyone know that I’ll be teaching SANS SEC542: Web App Penetration Testing and Ethical Hacking in St. Louis July 8-13th through the Community SANS program. This is a fantastic 6-day class with lots of hands-on exercises, sharing of my real-world web app testing experiences, and a Capture the Flag event in which students will be able to use the methodology and techniques explored during class to find and exploit vulnerabilities within an intranet site. I’m very excited to teach you the skills required to be a great web application penetration tester!

Check out the SANS class information page for more information about the class, agenda and location.

Save 10% on your registration using code: TomStLouis

See you in St. Louis!


Presenting at SANS 2013 in Orlando Next Week

Filed under Conferences, Mobile Security

I’ll be at SANS 2013 in Orlando this weekend assisting Kevin Johnson with his SEC542: Web App Penetration Testing & Ethical Hacking class and giving two SANS@Night presentations:

This is a great opportunity to see Social Zombies again if you missed our talk at DerbyCon last year.  Registered attendees of SANS 2013 get into the talks for free!  If you see me at the conference next week say hi and feel free to harass Kevin if you’re taking his class! ;-)


SANS Mentor brings Security 542: Web App Penetration Testing and Ethical Hacking (GWAPT) to Cleveland

Filed under Application Security

I’m proud to be teaching SANS Security 542 here in Cleveland through the SANS Mentor Program beginning in August.  The SANS Mentor Program allows you to save thousands on your training budget and still experience live SANS training on the GWAPT classes – live training without traveling!

COURSE DETAILS:

Security 542: Web App Penetration Testing and Ethical Hacking
Start date: Thursday August 23, class will run over 10 weeks, 6:30-8:30pm
For details and tuition, visit: http://www.sans.org/info/106395

Where: SecureState
23340 Miles Road
Cleveland, OH 44128

This local course will be offered in a multi-week format via the Mentor Program. Each week I will answer questions and assist you with hands-on labs and exercises during the class. Mentor courses give you the opportunity to participate in SANS training without the expense and inconvenience of travel or being out of the office during the workday.

An outline of the class is as follows:

- Learn an attack methodology and how the pen-tester uses JavaScript within the test
- Study the art of reconnaissance, specifically targeted to Web applications.
- Start the discovery phase with a focus on application/server-side discovery.
- Flash objects and Java applets.
- Exploitation

The class wraps up with a Capture the Flag event where the students will be able to use the methodology and techniques explored during class to find and exploit the vulnerabilities within an intranet site.

I hope you can join me in August and earn your GWAPT Certification in 2012!

Attacking & Defending Apple iOS Devices in the Enterprise Presentation Updates

Filed under Apple, Mobile Security

Below are links over on SlideShare to the latest version of my ever evolving presentation “Attacking & Defending Apple iOS Devices in the Enterprise”.  This is the version I presented at the SANS Mobile Device Security Summit a few weeks ago.  I include information on iOS 5, the latest jailbreaks at the time (this has since changed with the release of iOS 5.1) and some information on the security of iCloud.

Just a reminder that I’ll be presenting Smart Bombs: Mobile Vulnerability and Exploitation with John Sawyer and Kevin Johnson at OWASP AppSec DC on April 5th in Washington DC.  I’ll be focusing my research on iOS application testing and some of the vulnerabilities discovered in some of the top 25 iOS applications.


SANS Mobile Device Security Summit Recap

Filed under Mobile Security

Just a quick post about the SANS Mobile Device Security Summit that I participated in. Kudos to Kevin Johnson and Tony DeLaGrange from Secure Ideas for helping organize and lead the event. They did a great job! If you’ve been to SANS events in the past, I assure you that this was much different. First, there was a great lineup which included Rafal Los (HP), Jack Mannino (nVisium Security), Chris Cuevas (Secure Ideas), John Sawyer (InGuardians), Josh Feinblum (The Advisory Board Company) and Daniel Miessler (HP ShadowLabs), to name a few. Having a lineup of great speakers really made the summit flow as well as it did.

What I liked most about this event was that there were plenty of “real world” talks on how enterprises are deploying and managing mobile deployments. Real “in the trenches” types of talks. Here are some of the themes that I heard throughout all the talks:

  • Jailbreaking/Rooting is BAD
  • The OWASP Mobile Top 10 is going to be just as important as the traditional web application OWASP Top 10
  • Mobile Threats are an evolving, moving target.  Security teams have to be quick to adapt to new mobile technology
  • MDM (Mobile Device Management Solutions) are a requirement
  • Apple iOS devices are preferred over Android in the enterprise (seriously, that was the consensus).  No one seems to care about BlackBerry or Windows Mobile devices.  I think only one speaker mentioned Windows Mobile…

Speaking to the last point, I find this pretty interesting, especially given the fact that Android seems to be beating Apple in regards to market share of devices and app store apps. I also enjoyed hearing about some of the challenges and pitfalls real IT and security departments are facing. Many of the speakers talked about some best practices they’ve developed and problems they’ve had. One of the highlights for me was a talk by Det. Cindy Murphy from the Madison WI Police Department Computer Forensics Unit. She shared some of her experiences with mobile device forensics and how this evidence holds up in court. I highly recommend you check out this summit next year; it’s one not to miss!

I should have my slides from the latest version of my talk that I gave at the summit (Attacking & Defending Apple iOS Devices in the Enterprise) in the next day or so.

 


Speaking at the SANS Mobile Device Security Summit

Filed under Apple, Application Security, Mobile Security, Penetration Testing

I’ll be presenting “Attacking and Defending Apple iOS Devices in the Enterprise” Monday, March 12 @ 10am. I’ve got a bunch of new content about iOS 5, iCloud and the latest attacks on these devices. This is the inaugural event for SANS and I’m proud to be part of it! More information can be found here at the SANS website.
