
RE: [1/2OT] Training for web-apps and db security

Subject: RE: [1/2OT] Training for web-apps and db security
Date: Sat, 23 Jul 2005 04:44:54 -0700
Well, since you asked, you could look at www.Interz0neWest.com 
Gray Area does web application security training there at a discount,
courtesy of NTOBJECTives. www.NTOobjectives.com can highly customize
training and certainly include Oracle stuff for a private training.

-RL

-----Original Message-----
From: Gunnar Peterson [mailto:gunnar@arctecgroup.net] 
Sent: Friday, July 22, 2005 9:07 AM
To: Stef
Cc: webappsec@securityfocus.com
Subject: Re: [1/2OT] Training for web-apps and db security

Arctec does training on some related topics, including threat modeling and
Service Oriented Security architecture, and security in the development
lifecycle:

http://www.arctecgroup.net/briefings.htm

-gp


Quoting Stef <stefmit@gmail.com>:

Kind of OT, but couldn't find a better place to ask a group of
professionals about such a subject:

I am looking into training one of the "geeks" in my group (by "geek" I
mean: open-minded, very good at everything (IT-related) he gets his
hands on, be it OS, apps, network gear, etc., good programmer, but
also capable of understanding network applications behavior in
multi-tier environments, etc.) in a very specific security area. Here
are the requirements:
- all the applications are part of Oracle E-business suite
- all the clients - thus - have either a simple browser-based type of
interaccess with a proxy I setup in front of the Oracle servers, or a
slightly "thicker" interaction, via a "Java client" (jinitiator), with
an Oracle front-end server (called web/forms server)
- the back-end consists in communication between the web/forms server
and a multitude of database and analytical/processing servers

Having described the above (very briefly, for those intimate with the
Oracle suite), I have in my mind the following type of security
training:
- heavy in Java and "web" apps
- Apache, Squid security
- MS IE and MS or Sun JVM security (not really sure if worth ... but
just to make the list)
- Oracle DB security training

NOTE: This person is NOT to take charge of the specific servers
running those apps (we have the security team for those - which are
all HP-UX, or Linux based), and the minimal interaction with the
underlying OS components can be handled with the level of knowledge
right now.

I am - personally - a big SANS fan (hold multiple certifications with
them, as a result), and they have an offering for Oracle security
(which I would be tempted to try), but I am not aware of any web-based
apps comprehensive security training. Another option (also based on
some personal experience) would have been some graduate level security
courses, at a reputable institution, but those seem to take for ever,
for someone who plans [almost] immediate specific results, vs. a
well-rounded, long-term degree (which is the case for my techno-geek
;)).

I would really appreciate directions and - most of all - personal
experience of such. I would also appreciate any comments about my list
of needed know-how, in case someone like you has stumbled across
"things you should have learned in school, had you been paying
attention" ;)

TIA,
Stef

