Context Security

Received an email this morning notifying me that SANS OnDemand is running a special for the month of March.  20% off of any SANS OnDemand class.  As an added bonus, you could have me as your OnDemand Virtual Mentor (ODVM)

Please feel free to leave a comment or email me at seth combined with this domain name.

Seth Misenar

Here is the text of the email, which includes the discount code of  STS_OD

To help you with your training needs, SANS is offering a Spring Training
Special on ALL courses in our extensive SANS OnDemand online course
library. Register and pay now through Thursday March 26th, 2009 and
receive a 20% discount on ANY SANS OnDemand course! Register at
http://www.sans.org/info/40138 and use the discount code "STS_OD".

For group or multi-course training needs, save an additional 10% on our
already discounted SANS OnDemand Flex Passes through March 26, 2009.
Check it out at http://www.sans.org/info/40133.

Not sure online training is for you?  Try any of our OnDemand course
demos at http://www.sans.org/info/40123.

With SANS OnDemand, students receive:
 * 4-months access to our 24/7 online training and assessment system
 * Full set of course books and hands-on CDs
 * Synchronized online courseware and lectures
 * Integrated assessment quizzes throughout the course
 * Access to OnDemand Virtual Mentors
 * Labs & hands-on exercises
 * Progress Reports

In today's economy, travel budgets are very tight and even justifying
money for critical training can be difficult.  Many students have found
SANS OnDemand online training and assessment as a great alternative.  It
allows you to receive the same high quality SANS training while saving
100% of your travel costs.  Furthermore, it allows you to learn without
leaving home or the office. You can train anytime, anywhere!

Check out what a few of our students say about SANS OnDemand...

 "I got more out of this course than I had with any of the other SANS
 classes that I participated in. The quizzes at the end of each
 presentation helped reinforce the information presented.  I couldn't
 fake it.  I had to know it and retain it." - Richard Gancze, OCI

 "It was like having the teacher right there. Having each piece of the
 lecture broken up into little pieces helped me retain the information.
 You guys did an outstanding job creating this program." - Robert
 Urbanowicz, Parkway Insurance Company

 "I have several GIAC certs. My highest exam scores are from when I use
 OnDemand training." - Brad Fulton, SMS Data Products

If you have any questions about SANS OnDemand, write to
ondemand@sans.org or call us at (301)654-7267.

And remember that every SANS OnDemand purchase earns you points towards
future OnDemand training! http://www.sans.org/info/40128

Be sure to tell your friends and colleagues about this great opportunity!

Kind Regards,

Kimie Cabreira
Director
SANS OnDemand

Just wanted to let you all know that I will be a guest on the PaulDotcom Security Weekly podcast tonight.  I will be leading a technical segment on w3af, which is a very nifty free/open source tool for web application scanning/exploitation.  Should be loads of fun!

The live stream should go up around 1845 EDT with the show starting around 1900EDT.  Further details can be found here: http://pauldotcom.com/security-weekly/

Hope to see you there.

Seth Misenar

SANS Protecting Your Web Apps: Two Big Mistakes and 12 Practical Tips to Avoid Them

Not sure when this was released, but I am sure that it was pretty recently.  From the title I wasn’t really expecting much, but was pleasantly surprised by the clarity with which the tips were explained.  Frank Kim and Ed Skoudis co-authored this pithy 6 page paper.

Here is the description from the SANS Reading Room:

Many web application vulnerabilities are a direct result of improper input validation and output filtering, which leads to numerous kinds of attacks, including cross-site scripting (XSS), SQL injection, command injection, buffer overflows and many others. This article describes some of the best defenses against such attacks, which every Web application developer should master.

This offering looks to be part of a new series from SANS entitled, Working Papers in Application Security. I am looking forward to future papers if they are written as lucidly as this one.

Good work, Frank and Ed.

Here is the link to get the document: http://www.sans.org/reading_room/application_security/protecting_web_apps.pdf