[Owasp-london] "Advanced Asp.Net Exploits and Countermeasures" in the UK (London and Leamington Spa)

Tue Oct 31 18:40:54 EST 2006

Sorry guys, here is another shameless plug for the 2 day course that I will
be delivering in London next December (95% of past attendees gave it top
marks, so I must be doing something right :)  )

Dinis Cruz

----------------------------------------------------------------------------------------------------------------------------------------------------------------------

ADVANCED ASP.NET <http://asp.net/> EXPLOITS AND COUNTERMEASURES

       delivered by

       *Dinis Cruz*
        IOActive
  Senior Security Consultant

.NET has matured as a technology and ASP.NET <http://asp.net/> has become
prevalent on the Internet.  A huge number of businesses are reliant and will
become more reliant on .NET as the core technology which drives their IT
infrastructure and their business.  In the near future, the industry is
likely to see an unprecedented number of advanced attacks targeted at their
application systems.  One of the key defenses in mitigating these future
threats is to have a team of well trained developers versed in advanced
application security mitigation methods and techniques. Unfortunately, the
majority of developer training does not cover security except as an add-on
and even then the course material is often limited to basic concepts like
'SQL Injection' and 'Cross-Site Scripting'.

IOActive's "Advanced ASP.NET <http://asp.net/> Exploits and Countermeasures"
course will be held in London and Leamington Spa in early December 2006 and
offers a paradigm change in security training.  The two days of intensive
developer security training will delve into the inner workings of the .NET
Framework, its weaknesses, its strengths, how to exploit the former and how
to enhance the latter in order to build the most secure
ASP.NET<http://asp.net/>applications possible on the .NET Framework.
Developers will spend two days
coding web enabled applications, being taught the exploitable features of
web-sites, and learn advanced techniques such as real-time patching of the
CLR , Buffer Overflows on the .Net Framework, exploiting Partial Trust
ASP.NET <http://asp.net/> Applications (delivered as part of an in-depth
analysis of .Net's Code Access Security).

Dinis Cruz and IOActive debuted "Advanced ASP.NET <http://asp.net/> Exploits
and Countermeasures" at this years BlackHat Vegas and Open Web Application
Security Project (OWASP) AppSec 2006 conference in Seattle.  Dinis is a
renowned application security expert who is passionate about training
developers to move beyond the 'comfort zone' of standard
ASP.NET<http://asp.net/>development and into the world of advanced
security aware development with
the aim of making the Web Applications as secure as possible against malware
and malicious hackers. Dinis is also the project leader for the OWASP .Net
Project and the author of many Open Source security tools (see
http://www.owasp.org/index.php/.Net).

The course is a 2 day residential course and costs £900 for individuals with
discounts available for multiple bookings (this INCLUDES all food for the 2
days and accommodation for one night) .  For more details and to register
for the course go to http://www.nxtgenug.net/Courses.aspx?courseid=1

IOActive, established in 1998, is one of three firms in the world chosen by
Microsoft to perform the Vista code review and delivers specialized training
all around the world.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.owasp.org/pipermail/owasp-london/attachments/20061031/394989d2/attachment-0002.html 