WebApp Sec mailing list archives
RE: looking for advanced web hacking course
From: "Filip Maertens" <fmt () ascure com>
Date: Wed, 12 Nov 2003 12:17:02 +0100
:-) I have actually been giving and attending app.sec. courses where we went fairly detailed on the topic of stack/heap overflows, race conditions, ... In the cases I gave these lectures, I must admit half of the class was lost or was looking for Quake binaries, but then again... This was probably caused by my total lacking of human communication and teaching skills :-) Frame Pointers don't do well on a 8:30 am :-) That's where I learnt, one must always take into account the audience they are facing in such a classroom. For example: are they programmers or are they auditors? Generally, EIP to a programmer has more meaning than to an auditor. To me, I think (web)app.sec. courses are often (?) missing their target audience due to sales/marketing/commercial reasons. Other than this, I agree with Tim. Most companies are out for the fastest buck they can make, and their sales strategy must be along the lines of "Take a Hacking Exposed book and sell it contents overpriced in a luxureous setting". Unless, you're keen on gourmet evenings and big buffets, you'll probably want to do a very stringent comparative study of many (web)app.sec. course offerings and pay close attention to the prerequisites of such courses ("knowledgeable on binary execution process cycles, ..." might be a good indication a course will offer just a tad bit more than showing off flashy win32 tools) and their intended audience. Fil
-----Oorspronkelijk bericht----- Van: Tim Greer [mailto:chatmaster () charter net] Verzonden: woensdag 12 november 2003 4:01 Aan: Pheebee Buffe CC: webappsec () securityfocus com Onderwerp: Re: looking for advanced web hacking course On Sat, 2003-11-08 at 07:36, Pheebee Buffe wrote:All, Anyone know of good, hands-on advanced web hacking course? Regards.There is no such thing. And if anyone claims otherwise, they are wanting your money. This would encompass too much, you are basically going to need to learn how to program, learn where, how and why exploits work. -- Tim Greer <chatmaster () charter net>
Current thread:
- RE: looking for advanced web hacking course, (continued)
- RE: looking for advanced web hacking course Tim Greer (Nov 13)
- Re: looking for advanced web hacking course Bill Pennington (Nov 13)
- Re: looking for advanced web hacking course Tim Greer (Nov 13)
- Re: looking for advanced web hacking course The Crocodile (Nov 13)
- Re: looking for advanced web hacking course minime (Nov 13)
- Re: looking for advanced web hacking course A.D.Douma (Nov 13)
- Re: looking for advanced web hacking course Mr. Rufus Faloofus (Nov 14)
- Re: looking for advanced web hacking course Jarmo Joensuu (Nov 14)
- Re: looking for advanced web hacking course A.D.Douma (Nov 13)
- RE: looking for advanced web hacking course latte1 (Nov 13)
- RE: looking for advanced web hacking course Cuthbert, Daniel (Nov 13)
- RE: looking for advanced web hacking course Filip Maertens (Nov 13)
- RE: looking for advanced web hacking course Zhou, Joe [CC] (Nov 13)
- RE: looking for advanced web hacking course Keifer, Trey (Nov 13)
- RE: looking for advanced web hacking course Filip Maertens (Nov 19)