Review by Jason Haddix, Security Aegis

Anyone who knows training (or InfoSec for that matter) knows SANS is probably THE most recognized name in InfoSec training. While the foundation of SANS is Stephen Northcutt and Alan Paller, his superstars are the InGuardian’s crew. Call them security divas, we don’t care. We know that Ed Skoudis, Kevin Johnson, Mike Poor, and Joshua Wright are instructors with whom we’d give the whole of our security budget to train. We can’t decide what we like best: their stellar tool development, their helpful whitepapers, their nifty cheat sheets, their open source projects, or the fact that their courses are the most interesting and engaging we’ve seen.

Web application pen testing is a huge focus for the security space right now, and SANS just turned their 4-day SEC542 - Web App Penetration Testing and Ethical Hacking into a 6-day class. We had the chance to pick the brain of its instructor/creator Kevin Johnson, InGuardian pen tester, father, and all around great guy.

Read on as he answers our questions on a wide array of our web-app security queries.