The most trusted source for computer security training, certification and research.

select a course
Las Vegas, NV - June 1 - 8, 2009
Global Information Assurance Certification

This was by far the best course I have ever taken.
-Peter Lombars, Intrucom Inc.

Travel and Hotel Costs - No Problem

SANS What Works in Penetration Testing & Web Application Attacks

Ed Skoudis

with Ed Skoudis

Dates:
Summit: June 1-2, 2009
Summit Venue:
Paris Hotel
3655 Las Vegas Blvd So.
Las Vegas, Nevada 89109
Phone: 877-603-4386
Website: http://www.harrahs.com/casinos/paris-las-vegas/

Top Industry Leaders added to SANS What Works in Pen Testing and Web App Attacks Summit Agenda.
Interact with the greatest depth of Pen Test and Web App Experts pulled together in a single venue in 2009.
Detailed Agenda

Mark your calendars now! Join us for the 2009 Penetration Testing & Web Application Attacks Summit in Las Vegas on June 1 & 2. The summit theme will focus on maximizing the business value of penetration tests through cutting-edge technical skills in light of the latest compliance requirements. Every session will be devoted to sharing skills and techniques to help organizations derive more business value from in-depth technical penetration tests. Some of the world's best pen testers will share their coolest secrets for finding and exploiting flaws, determining the associated business risks, and making an effective case for enterprise management to prioritize resources in mitigating flaws. Over a dozen sessions by industry-leading experts will cover must-have new tools, countless time-saving tactics, and tips for effective compliance reporting.

Attendees will include:
  • In-house enterprise penetration testers and vulnerability assessment personnel who want to improve their skills and efficiency using the latest testing tools and techniques
  • People who procure pen tests and need to make sure they are getting maximum value for their expenditures
  • Third-party penetration testers who want to take their skills and understanding to the next level.
Topics to be addressed in the summit include:
  • Ten technical tips most penetration testers don't know... but should
  • The latest web app manipulation tactics and brand-new tools to help automate discovery and exploitation
  • Late-breaking wireless vulnerabilities and how to test for them in an operational environment
  • Incorporating physical and social engineering testing to measure compliance more thoroughly
  • New tools for the toolbox based on best-of-breed free and commercial offerings
  • Time-saving techniques to accomplish more testing in less time
  • Advice on the best scripting languages for pen testers to master and insight on test automation
  • Specific criteria for evaluating penetration testing companies to determine the quality of their testing regimen
How Good Are SANS Summits?

Here's more from people who attended the last Summit:

  • This Summit provides an excellent means to stay informed on what is available today; and what the current and emerging issues are.- Yong Choe, SAIC
  • Excellent presentations of practical experiences.- Rich Lansing, Bloomberg

Post Summit Classes

SEC 560 :: Network Penetration Testing and Ethical Hacking
Attendees will learn how to perform detailed reconnaissance, learning about a target's infrastructure by mining blogs, search engines, and social networking sites. We'll then turn our attention to scanning, experimenting with numerous tools in hands-on exercises. Our exploitation phase will include the use of exploitation frameworks, stand-alone exploits, and other valuable tactics, all with hands-on exercises in our lab environment. The class also discusses how to prepare a final report, tailored to maximize the value of the test from both a management and technical perspective. The final portion of the class includes a comprehensive hands-on exercise, conducting a penetration test against a hypothetical target organization, following all of the steps.
SEC 709 :: Developing Exploits for Penetration Testers and Security Researchers
Attendees can apply the skills developed in this class to create and customize exploits for penetration tests of homegrown software applications and newly discovered flaws in widespread commercial software. Understanding the process of exploit development can help enterprises analyze their actual business risks better than the ambiguous hypotheticals we often contend with in most traditional vulnerability assessments. This course is not for the faint of heart or those with modest skills. It is leading edge stuff for the best technical security professionals, security researchers, and pen testers. If you are able to absorb it, the knowledge gained throughout the course will help you write custom exploits to gain privileged system access and determine the real risk to your business. Precompiled exploits won't help you here!