Training
Introduction to Web Security
Often, I give a lecture to the Distributed Client-Server Programming class at Mississippi State University on the topic of Web Security. The students of this class learn basic web application development skills and must apply those skills to developing an application as a term project. As a part of this process, they must be able to identify possible threats to the security of their web apps, and take steps to secure them.
While the class focuses on Java, the lecture and accompanying slides do not focus on any specific language or platform. The purpose is to provide an introduction to some of the problems inherent in a client-server web app, and to reveal how easy it is for an attacker to subvert some common assumptions about how the application is used. The class lasts for an hour and fifteen minutes, so I go into a lot more detail in my lecture as time allows, using the slides as a guide.
- Full-color Slides - Suitable for display
- Handouts - Reduced-color, six-per-page, suitable for printing
I encourage anyone who can make use of this material to do so. I only ask that you attribute me as your source, and send me an email to let me know it was helpful. You'll likely need to talk to me to understand what I mean by some of my more colorful and cryptic phrases anyway :).
SANS Training
Recently I had the pleasure of teaching the SANS Stay Sharp IP Packet Analysis course at Mississippi State University, in association with the university's Center for Computer Security Research. It was an excellent experience and the students seemed to enjoy it and leave the class with some useful skills.
Similar training sessions and materials can be arranged for your organization, with either SANS training, or with materials that I develop specific to the needs of the attendees. I can help bring your employees up to speed on many aspects of information security, and help you learn how to help yourself.