WebApp Sec mailing list archives

RE: looking for advanced web hacking course


From: "Filip Maertens" <fmt () ascure com>
Date: Wed, 12 Nov 2003 12:17:02 +0100

:-)

I have actually been giving and attending app.sec. courses where we went
fairly detailed on the topic of stack/heap overflows, race conditions,
... In the cases I gave these lectures, I must admit half of the class
was lost or was looking for Quake binaries, but then again... This was
probably caused by my total lack of human communication and teaching
skills :-) Frame Pointers don't do well at 8:30 am :-)

That's where I learnt, one must always take into account the audience
they are facing in such a classroom. For example: are they programmers
or are they auditors? Generally, EIP to a programmer has more meaning
than to an auditor. To me, I think (web)app.sec. courses are often (?)
missing their target audience due to sales/marketing/commercial reasons.

Other than this, I agree with Tim. Most companies are out for the
fastest buck they can make, and their sales strategy must be along the
lines of "Take a Hacking Exposed book and sell its contents overpriced in
a luxurious setting".

Unless you're keen on gourmet evenings and big buffets, you'll probably
want to do a very stringent comparative study of many (web)app.sec.
course offerings and pay close attention to the prerequisites of such
courses ("knowledgeable on binary execution process cycles, ..." might
be a good indication a course will offer just a tad bit more than
showing off flashy win32 tools) and their intended audience.


Fil


-----Original Message-----
From: Tim Greer [mailto:chatmaster () charter net]
Sent: Wednesday 12 November 2003 4:01
To: Pheebee Buffe
CC: webappsec () securityfocus com
Subject: Re: looking for advanced web hacking course


On Sat, 2003-11-08 at 07:36, Pheebee Buffe wrote:
> All,
>
> Anyone know of good, hands-on advanced web hacking course?
>
> Regards.

There is no such thing.  And if anyone claims otherwise, they 
are wanting your money.  This would encompass too much, you 
are basically going to need to learn how to program, learn 
where, how and why exploits work.
-- 
Tim Greer <chatmaster () charter net>
