Tuesday, October 28, 2008

Another SANS Certification Complete!

I forgot to post earlier, but earlier this month I completed my GIAC GCFW certification. I am currently aiming at the GSE-C (and possibly the GSE), so this is one step along the way. Now I am jamming the GCIH material in my head that I had in a Community SANS event earlier this year.

BTW, I will be leading a mentored SEC 401 (GSEC) class in the Dallas area starting in December. Check the SANS site for more details if you are interested in attending. You will get my focused attention over a 10-week period to help you learn a wide range of great basic security information! The course really does live up to its Security Basics title.

I recommend it even if you can't take it from me. :)


OWASP 2008 New York Conference Online

OWASP recently published the full set of videos, accessible via their website at http://www.owasp.tv. I didn't get to attend this year, but I have enjoyed listening to a few of the sessions so far. One was a bit slow, but overall I am glad I can listen to them at no cost! They are posted in both Flash and iPod (mp4) format.

I highly recommend watching or listening to them, with the latter probably being the best. You do miss the slides, but a talking head is not all that entertaining.


OCC Bulletin on Application Security

The US Office of the Comptroller of the Currency recently released a bulletin on application security: http://occ.treas.gov/ftp/bulletin/2008-16.html. It is written more in business language than in tech speak, so it may be good to run by your business counterparts.

One drawback is that it is aimed at financial institutions, but the points it makes are applicable to any company writing/using custom applications!