I was think about buying
The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws
Dedicated to all those services opened to browsers and the backend servers that support them.
Kevin Johnson is a Senior Security Analyst with Intelguardians. Kevin came to security from a development and system administration background. He has many years of experience performing security services for Fortune 100 companies, and in his spare time contributes to a large number of open source security projects. Kevin founded and leads the development on B.A.S.E. (the Basic Analysis and Security Engine) project. The BASE project is the most popular web interface for the Snort intrusion detection system. Kevin is an instructor for SANS, teaching both the Incident Handling and Hacker Techniques class and the Web Application Security class. He has presented to many organizations, including Infragard, ISACA, ISSA and the University of Florida.
Jeremy Martin, Cyber Warfare Instructor, is a Senior Security Researcher that has focused his work on Red Team penetration testing, Computer Forensics, and Cyber Warfare. Starting his career in 1995 Mr. Martin has worked with fortune 200 companies and Federal Government agencies, receiving a number of awards for service. Jeremy is a published author, teaches, and speaks at security conferences around the world. Current projects include vulnerability analysis, threat profiling, exploitation automation, anti-forensics, and reverse engineering malware. He is active in the Information Security/Assurance world and is the current President for the Open Information Systems Security Group (OISSG) while sitting on the Board of Directors for Denver’s Infragard chapter. Jeremy is also an active member of the Business Espionage Controls & Countermeasures Association.
Andres Andreu, CISSP-ISSAP, GSEC currently operates neuroFuzz Application Security LLC, and has a strong background with the U.S. government. He served the United States of America in Information Technology and Security capacities within a “3-Letter” federal law enforcement agency. The bulk of his time there was spent building the IT Infrastructure and working on numerous intelligence software programs for one of the largest Title III Interception Operations within the continental U.S. He worked there for a decade and during that time he was the recipient of numerous agency awards for outstanding performance.
He holds a bachelor’s degree in Computer Science, graduating Summa Cum Laude with a 3.9 GPA from the American College of Computer and Informational Sciences. Mr. Andreu specializes in software, application, and Web services security, working with XML security, TCP and HTTP(S) level proxying technology, and strong encryption. He has many years of experience with technologies like LDAP, Web services (SOA, SOAP, and so on), enterprise applications, and application integration.
vijay2 wrote:SANS has a 4-day class
Security 542 Web Application Penetration Testing In-Depth
I have heard good reviews of this class
Users browsing this forum: No registered users and 1 guest