World Cyber News is an online news outlet. We bring you the hottest daily news from around the world related to cyber. We propagate news especially related to hacking, technology updates, and cyber world updates.

Monday, April 11, 2011

Defense Your Applications

11:22 PM Posted by Administrator
Information technology continues to evolve rapidly, and as dependence on Internet technology increases, so do the risks to information systems. As such, information security professionals are required to stay up-to-date on the latest security technologies, threats and remediation strategies.
EC-Council's Center of Advanced Security Training (CAST) was created to address the need for highly technical and advanced security training for information security professionals.
  
CAST First Look Training Series

As part of the launch of CAST, we are pleased to present a First Look training series that will give an insight into the following programs. We invite the authors of the respective courses to conduct a "LIVE" online training on a selected module from each program.


This highly technical and intensive course will center on thwarting attackers by understanding how to write your code defensively. A participant will learn new techniques for case-hardening an application from within. We will actually be attacking applications from the web, off-the-shelf binary applications, as well as popular runtimes such as .NET, Java and even Adobe AIR (in a legal and ethical way), learning where mistakes were made and ensuring our own house is in order and we don't have these same faults internally.

Apr 7, 2011 - 9:00 A.M - 10:30 A.M (EDT)
Instructor: Tim Pierson


Topic: Programming To Defend Against Cryptographic Errors
In this training, you will understand how SSL can help or hurt a programmer. Understand what a certificate revocation list is, and if you think your library is implementing it ... think again. Also learn how Compelled Certificate Injection can be circumvented. Poland, the Russian Government, the Hong Kong Post Office all can watch our every move and we'll most likely never know it!

I usually ask 2 questions before a pen test. 1. Can I see your programmers'/system admin's office? After a few strange looks they lead me to right outside the door. If I see papers all over the desk and floor, coming out of the drawers etc., I usually turn to the prospective client and nod: "Yeah, I can get in."

Question 2, from me to the person who hired me, is: "Did you have an application that was written to be used internally, but it turned out to be so popular you were asked to put it out for our business partners or customers to use?" If again his answer comes back in the affirmative, I would again simply state: "Yeah, I can get in."


A highly technical and intensive course that focuses on attacking and defending highly secured environments. These environments simulate those found in government agencies and large corporations. In APT, you will be learning how to attack new operating systems such as Windows Vista, Windows 7, Windows Server 2008, and the latest Linux servers, all patched and hardened. Both network and host-based Intrusion Detection/Prevention Systems (IDS/IPS) will be in place as well.

Apr 13, 2011 - 10:00 A.M - 12:00 A.M (EDT)
Instructor: Joe McCray


Topic: SQL Injection To A Command Shell
In this training, you will learn how to probe a website to determine if it is vulnerable to SQL injection, and go all the way to actually getting a command shell on the host. This will be achieved using both SQLiX and SQLNinja.





Special Promotion! Sign up for any of the CAST training at TakeDownCon Dallas and get a FREE iPad 2!


For more information about CAST, please visit: http://www.eccouncil.org/CAST