Appsec Training

[ojconnolly at gmail.com (Owen Connolly)]

Hi Chris,

I come from a non-college sysadmin background, so I was never formally
trained in development skills.  I took 542 particularly because I had all
the IP and *nix skills but wanted to learn more about the technologies that
go into the whole web 2.0 phenomenon.  I definitely feel I got that and it
provided several useful primers on Python, PHP, JavaScript, Flash, etc...

I?ve since achieved my GWAPT and I?m currently lined up to teach the course
through the community program in Dublin in September.  I?ve used the skills
I picked up in a couple of audits since, although I wouldn?t claim to have
done a full code review... But it did give me the ability to have an
intelligent conversation with the developers! :-)

Cheers,


ojc


On 12/04/2010 15:15, "Chris Merkel" <cmerkel at gmail.com> wrote:

> Looking for feedback on the relative value of the SANS Web App Sec 542. I have
> a fairly sharp analyst who is more familiar with the network / infrastructure
> side of things and does not have a development background (aside from CS in
> college ~6-7 years ago).?
>
> I'd like some feedback from people who have taken the course, who also don't
> have strong development chops, and if you were able to apply that knowledge
> to?successfully?perform appsec assessments by way of black/grey/whitebox
> testing and/or code review.
>
> Thanks!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100412/8af64a50/attachment.htm