Re: Recommended training course?

["Ali, Saqib" <docbook.xml () gmail com>]

A mailing list is the wrong place to ask for training vendor
recommendations. You will get spammed by security training vendors.
:-)

Having said that, most of the famous training courses (SANS,
Foundstone, whitehat security etc) are really good. And the advance
courses are not really that complicated. As long as you have a good
understanding of the web programming (any language) you are good.
Having a good strong understanding of web programing will really help
you, even if you don't know anything about these attack vectors.

Another option is to go to RSA, and find a web application
hacking/security track. That way you will get to see the
presentation/teaching styles of many training vendors. Then if you
find a vendor that suites your style, you can take more classes from
that vendor.

saqib
http://doctrina.wordpress.com/

On Sat, Jul 12, 2008 at 10:21 PM, Jimmy Liang <staufj22 () yahoo com> wrote:
> Hello,
>
> I'm looking at expanding my security knowledge and am looking for recommendations on training courses. I've had a few 
> years of Windows and Solaris admin experience managing 30 or so 24/7 systems, and minimal web application 
> development. I know the basic concept of SQL injection and CRLF injection, but wouldn't know how to actually apply it 
> in real life.
>
> I've been looking at the Foundstone courses, specifically, the "Ultimate Hacking: Expert" course. This is mainly 
> because the regular "Ultimate Hacking" and "Ultimate Web Hacking" courses are not offered in my area any time soon. 
> I'm a little concerned that the course description says that advanced Unix and Windows knowledge is required… What 
> does advanced mean?
>
> Anyone else have other recommendations on classes? I learn better with hands on labs and live instructors. I'm mainly 
> looking for web application vulnerability but general system/wireless/network security would also be beneficial.
>
> Any recommendations is greatly appreciated.