Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Hacme Bank

from [Frank Knobbe] Network Security [Permanent Link]
Subject: RE: Hacme Bank
Date: Wed, 15 Sep 2004 12:07:16 -0500 
On Tue, 2004-09-14 at 08:31, Don Tuer wrote:

      I understand that the Hacme site is intentionally buggy my point
was that it's quite surprising that Mark sees these very basic errors
continuing to be made by web developers. Basic training in the .NET
platform and some on line reading will emphasize to the developer not to
make these mistakes.


You don't travel much, do you?

The fact that training and information is available does not mean that
it will automatically be absorbed. Just the fact that a lot of
developers are hard-pressed on meeting project deadlines doesn't usually
leave time for them to attend training, and if it does, it's limited in
time/scope. It typically takes an "external auditor" -- most of time
requested by clients or business partners, or required by other business
requirements -- to convince management to allow for more time and
education of the developers for security related things.

While overall the level of security awareness and competence is
increasing, I think we're still a long way off from the desired goal.

That raises the question, though, how we could measure that success.
Perhaps an index of XSS vulnerable web sites?

Regards,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: RSA vs. Versigin. How do I choose?, Mauricio Fernandez
Next by Date:  dual certificate/smartcard web session management, Frank Dobb
Previous by Thread:  RE: Hacme Bank, Don Tuer
Next by Thread:  RE: Hacme Bank, Jeremy Junginger
Indexes:  [Date] [Thread] [Top] [All Lists]