Black Hat USA 2011

Black Hat USA is the premier security event where members of the security industry gather to learn from elite security researchers in the field. This year’s event will be hosted at Caesars Palace in Las Vegas, Nevada, July 30-Aug 4, and will offer over 50 multi-day training sessions, 7 Briefings tracks with the latest research, and 2 workshop tracks dedicated to practical application and demonstration of tools.

SANS Network Security 2011 in Las Vegas, NV – Exclusive Promotion

We have a new promotion exclusive to SANS Network Security 2011 (Las Vegas, NV), September 17-26. Receive an additional $150 off this offer or any course in any format when you use discount code "Connect_SecOrb".

SANS Boston 2011

SANS will be back in Boston, MA with an exceptional information security training lineup this August. Why not get your management, security, and forensics training at SANS Boston 2011 on August 8-15? We are bringing our top courses and best instructors to make this the perfect training event for you! Register before June 29 and save $400.

Black Hat // Webcast 28 – HTTP Parameter Pollution Vulnerabilities in Web Applications

While input validation vulnerabilities such as XSS and SQL injection have been intensively studied, a new class of injection vulnerabilities called HTTP Parameter Pollution (HPP) has not received as much attention. HPP attacks consist of injecting encoded query string delimiters into other existing parameters. If a web application does not properly sanitize the user input, a malicious user can compromise the logic of the application to perform either client-side or server-side attacks. This talk analyzes HTTP Parameter Pollution and presents the first automated system for the detection of HPP flaws in real web applications. We used this system to conduct a large-scale experiment by testing more than 5,000 popular websites and discovering unknown HPP bugs in many important and well-known sites such as Microsoft, Google, VMWare and PayPal. In this presentation we will describe the details of the architecture and of the algorithms we implemented to efficiently detect HPP vulnerabilities. We will conclude by discussing the HPP phenomenon and giving suggestions on how to prevent this novel class of injection vulnerabilities in future web applications.

SANSFIRE 2011 in DC

If you like what the SANS Internet Storm Center (ISC) provides to the cyber security community, then you will love SANSFIRE! SANSFIRE 2011 is the one annual training event powered by the ISC. This year's event will be held in Washington DC, July 15-24, and includes more than 25 courses and dozens of up-to-the-minute field reports from ISC handlers. Each evening, the ISC handlers share riveting talks on their most interesting experiences and newest cyber hazards. These special presentations are free to everyone who attends a course at SANSFIRE 2011.

Free SANS Webcasts Powered by vLive!

Please join us in the upcoming weeks for the following informative, free SANS webcasts powered by vLive!, the SANS Institute's online learning platform:

10 Reasons to Attend TakeDownCon Dallas 2011

So here are 10 good reasons for you to join us at TakeDownCon Dallas. Don't hesitate, REGISTER NOW, and be part of history in the making.

Splunk Live! – Washington, DC Thursday, May 12, 2011

The IT systems and infrastructure that run your organization generate massive volumes of data every millisecond of every day. This machine data contains a definitive record of all user transactions, customer behavior, machine behavior, security threats, fraudulent activity and more.

National Town Hall on Cybersecurity

Join 1105 Media, Cisco, (ISC)² and government and education cybersecurity leaders from across the country for an interactive National Town Hall discussion online.

FREE On-Line CEH by Shon Harris

Through LinkedIn, Shon Harris is providing a FREE On-Line CEH Course with over 25 hours of information. The video modules are outlined below and can be found at her website at: www.logicalsecurity.com/resources/resources_videos.html