PaulDotCom mailing list archives
Appsec Training
From: ojconnolly at gmail.com (Owen Connolly)
Date: Mon, 12 Apr 2010 22:43:03 +0100
Hi Chris, I come from a non-college sysadmin background, so I was never formally trained in development skills. I took 542 particularly because I had all the IP and *nix skills but wanted to learn more about the technologies that go into the whole web 2.0 phenomenon. I definitely feel I got that and it provided several useful primers on Python, PHP, JavaScript, Flash, etc... I?ve since achieved my GWAPT and I?m currently lined up to teach the course through the community program in Dublin in September. I?ve used the skills I picked up in a couple of audits since, although I wouldn?t claim to have done a full code review... But it did give me the ability to have an intelligent conversation with the developers! :-) Cheers, ojc On 12/04/2010 15:15, "Chris Merkel" <cmerkel at gmail.com> wrote:
Looking for feedback on the relative value of the SANS Web App Sec 542. I have a fairly sharp analyst who is more familiar with the network / infrastructure side of things and does not have a development background (aside from CS in college ~6-7 years ago).? I'd like some feedback from people who have taken the course, who also don't have strong development chops, and if you were able to apply that knowledge to?successfully?perform appsec assessments by way of black/grey/whitebox testing and/or code review. Thanks!
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100412/8af64a50/attachment.htm
Current thread:
- Appsec Training Chris Merkel (Apr 12)
- Appsec Training Owen Connolly (Apr 12)
- Appsec Training Dark Floyd (0xdf) (Apr 12)