June 7th, 2008 — Training
Templora provides a tutorial on “Basic PHP Script Security.”
http://templora.com/content/14
Topics covered include:
SQL Injection
XSS Attacks
CSRF Attacks
PHP variable insertion
Input Validation
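As an added illustration of the five topics listed above (this is not code from the Templora tutorial), here is a small PHP comment handler written for this page that pairs each vulnerable pattern with its fix. The table, column and session-key names are made up, and the in-memory SQLite connection is an assumption standing in for whatever database the reader actually uses.

```php
<?php
// Added example, not from the Templora tutorial. One "post a comment" page that
// shows the vulnerable pattern and the fix for each topic in the list above.
// Assumptions: PDO with the sqlite driver is available; table/column names are invented.

session_start();

// --- 1. SQL injection --------------------------------------------------------
// Vulnerable: user input concatenated into the query string.
//   $pdo->query("SELECT * FROM comments WHERE post_id = " . $_GET['id']);
// Fixed: a prepared statement keeps the data out of the SQL grammar entirely.
function load_comments(PDO $pdo, int $postId): array {
    $stmt = $pdo->prepare('SELECT author, body FROM comments WHERE post_id = :id');
    $stmt->execute([':id' => $postId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// --- 2. XSS --------------------------------------------------------------------
// Vulnerable: echo $comment['body'];
// Fixed: escape on output, for the HTML context the value is rendered in.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// --- 3. CSRF -------------------------------------------------------------------
// A random per-session token is embedded in the form and checked on submit.
// A form posted from another site cannot read the token, so the forged request fails.
function csrf_token(): string {
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'];
}
function csrf_check(?string $submitted): bool {
    return is_string($submitted)
        && isset($_SESSION['csrf'])
        && hash_equals($_SESSION['csrf'], $submitted);   // constant-time comparison
}

// --- 4. PHP variable insertion (register_globals / extract) ------------------
// Vulnerable: with register_globals on (removed in PHP 5.4), or after
// extract($_REQUEST), a request like ?is_admin=1 silently creates $is_admin.
// Fixed: never let request data create variables; initialise every local yourself
// and read $_GET / $_POST explicitly where the value is needed.
$isAdmin = isset($_SESSION['user']) && ($_SESSION['user']['admin'] ?? false) === true;

// --- 5. Input validation -------------------------------------------------------
// Validate type and range before use, and reject rather than "clean up".
function validate_post_id($raw): ?int {
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}
function validate_body($raw): ?string {
    if (!is_string($raw) || $raw === '' || strlen($raw) > 2000) {
        return null;
    }
    return $raw;   // stored as submitted; escaping happens on output (topic 2)
}

// --- request handling ----------------------------------------------------------
$pdo = new PDO('sqlite::memory:');   // assumption: any PDO driver works the same way
$pdo->exec('CREATE TABLE comments (post_id INTEGER, author TEXT, body TEXT)');

$postId = validate_post_id($_GET['id'] ?? null);
if ($postId === null) {
    http_response_code(400);
    exit('bad post id');
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_check($_POST['csrf'] ?? null)) {
        http_response_code(403);
        exit('csrf check failed');
    }
    $body = validate_body($_POST['body'] ?? null);
    if ($body === null) {
        http_response_code(400);
        exit('bad comment');
    }
    $ins = $pdo->prepare('INSERT INTO comments (post_id, author, body) VALUES (:id, :a, :b)');
    $ins->execute([':id' => $postId, ':a' => $isAdmin ? 'admin' : 'anon', ':b' => $body]);
}

echo '<form method="post">';
echo '<input type="hidden" name="csrf" value="' . h(csrf_token()) . '">';
echo '<textarea name="body"></textarea><button>Post</button></form>';
foreach (load_comments($pdo, $postId) as $c) {
    echo '<p><b>' . h($c['author']) . '</b>: ' . h($c['body']) . '</p>';
}
```

The order of the fixes matters: the body is validated for type and length on the way in but deliberately not HTML-escaped there, because the correct escaping depends on the output context, so it is applied at the point of rendering instead.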
May 30th, 2008 — Training
Dan Dickerman from the IRS Criminal Investigation, Electronic Crimes Program, provided several presentations on computer forensics topics:
Advanced Data Carving: New Directions in Data Carving Techniques
Using VMWare in Digital Forensic Investigations
Unfortunately, these slides don’t include Dan’s narration, but they’re detailed enough that you can get a good understanding of each topic on your own. Any remaining questions are a simple task for Google.
May 5th, 2008 — Training
I just stumbled upon a great video training resource: The Academy
They have a nice collection of security videos including:
IronPort (Anti-Spam)
Sophos (Anti-Virus)
AccessData (Forensics)
Nessus, Nmap, Netcat, Metasploit, Cain & Abel (Vulnerability Assessment / Penetration Testing)
GIAC Systems and Network Auditor (GSNA)
May 1st, 2008 — Papers, Training
milw0rm.com hosts many security-related videos and papers for free:
[Papers]
Lateral SQL Injection: A New Class of Vulnerability in Oracle
Security Implications of Windows Access Tokens
802.11 Attacks
[Videos]
Packet sniffing with Ettercap (arp spoofing basics)
Anonymous Voice Vlan Hack
How to Make Files Undetected by AVs
Howto using aircrack-ptw WEP cracking tool
Advanced Mysql Injection in Joomla
April 30th, 2008 — Training
MindCert provides a free Certified Ethical Hacker (CEH) mind map
Certified Ethical Hacker - Module 5 - System Hacking Mind Map
Sections include: Remote Password Guessing, Eavesdropping, Denial of Service, Privilege Escalation, Keystroke Loggers, Password Cracking, Remote Control, and Covering Tracks
Certified Ethical Hacker - Module 4 - Enumeration Mind Map
This Mind Map covers the main forms of enumeration, such as NetBIOS enumeration, null session enumeration, SNMP enumeration and Active Directory enumeration. Sample tools for enumerating in each case are also provided.
Certified Ethical Hacker - Module 3 - Scanning Mind Map
This Mind Map covers module 3 of the CEH curriculum, Scanning: detecting live systems on a network and the services running on them, also known as port scanning. Nmap, one of the best port scanning tools, is covered in depth along with the command-line options for its different scan types; other port scanning tools are reviewed as well, with direct links to download them.
Certified Ethical Hacker - Module 2 - Footprinting Mind Map
The second Mind Map from MindCert.com covers Footprinting, the initial reconnaissance a hacker carries out to glean information about the target of evaluation. The information obtained through footprinting is normally in the public domain, so this is classed as passive reconnaissance: nothing active is done against the target at this point.
Certified Ethical Hacker - Module 1 - Ethical Hacking Mind Map
This Mind Map covers module 1 of the Certified Ethical Hacker exam blueprint, titled Ethical Hacking, which covers the terminology used to describe ethical hackers.
April 23rd, 2008 — Training
Foundstone offers free security training software.
Here’s a description straight from the site:
Hacme Bank™ is designed to teach application developers, programmers, architects and security professionals how to create secure software. Hacme Bank simulates a “real-world” web services-enabled online banking application, which was built with a number of known and common vulnerabilities. This allows users to attempt real exploits against a web application and thus learn the specifics of the issue and how best to fix it. The web services exposed by Hacme Bank are used by our other testing applications including Hacme Books and Hacme Travel.
http://www.foundstone.com/us/resources/proddesc/hacmebank.htm
April 23rd, 2008 — Training
Google Code University offers free training on various topics including web security.
Be sure to check out the following presentations:
What Every Engineer Needs to Know About Web Security and Where to Learn It — presentation by Neil Daswani
How to Break Web Software — presentation by Mike Andrews
April 22nd, 2008 — Training
The Defense Information Systems Agency (DISA) offers free training and training resources (CD/DVD media) to all Government civilian employees, Military personnel, or contractors who have a Government sponsor.
IA Awareness Training:
DoD Information Assurance Awareness (For DoD Personnel)
Information Systems Security Awareness (For Non-DoD Personnel)
Personally Identifiable Information (PII)
Information Operations (IO) Fundamentals
Information Assurance Awareness Shorts
IA Training for IT Managers:
Designated Approving Authority (DAA)
Active Defense: An Executive’s Guide to Information Assurance
IA Training for IA Professionals:
Information Assurance Policy & Technology (IAP&T)
Information Assurance for Professionals Shorts
IA Hot Subjects
Computer Network Defense (CND)
Securing the Mobile Network
Enhancing Information Assurance through Physical Security
SSAA Preparation Guide
DOD Certifier Fundamentals
Information Assurance for DoD Auditors and IGs
IA Technical Training:
Web Security
Database Security
Firewall and Router Fundamentals
Windows Server 2003 Incident Preparation & Response (IP&R): Part I
Windows Server 2003 Incident Preparation & Response (IP&R): Part II
Windows 2000 Security
UNIX Security for System Administrators
System Administrator Incident Preparation & Response for UNIX (SAIPR UNIX)
Internet Protocol Version 6 (IPv6)
CyberLaw:
CyberLaw 1
CyberLaw 2
April 20th, 2008 — Training
I found an interesting screencap video on session hijacking over WiFi today.
Here’s a blog entry that includes the code and instructions.
April 16th, 2008 — Training
I just found out today that MIT offers over 1800 courses for free online through MIT OpenCourseWare.
Here are a few that I found directly relating to IT Security:
Cryptography and Cryptanalysis
Selected Topics in Cryptography
Network and Computer Security
There are plenty more on just about every other topic you can name.
Here’s a link to their main page:
MIT OpenCourseWare