The upcoming 44Con security conference has announced its training line-up to run on the two days preceding the conference and the first speaker in the 'Infosec specialist' track.
Alex Lucas of Microsoft is currently a principal security development manager at Microsoft and will be speaking on the role of the security development lifecycle in improving the security of large projects, something of great interest to most commercial development organisations.
For the first time, the authors of the Web Applications Hacker's Handbook are running a course on the content covered in the soon-to-be-released second edition. Widely recognised as one of the best technical resources on web security and ranked number one in Amazon's web security section and number three in its network security section, this handbook is a detailed guide to practical and detailed security issues surrounding web applications. The course is being run by the authors, providing first-hand knowledge and insight into the latest web application security issues.
Traditional topics such as database and wireless security are also well covered. The wireless security training includes live 'hands on' work and is being run by Vivek Ramachandran, founder of securitytube.net, and well known for his work on wireless security attacks and defences; in particular the 'Café Latte' attack that allowed WEP cracking for the first time without prior access to the wireless LAN itself.
The Oracle security course covers both attacks on Oracle and how these can be mitigated by secure development practices: so will be of interest to database developers, penetration testers and technical security staff.
Social engineering is a mainstay for both penetration testers and criminals and is currently a hot topic in information security. In a course on social engineering tailored for the IT professional, Sharon Conheady and Martin Law will cover the theory and practice of integrating social engineering into security evaluations and penetration tests, with a particular focus on the tricky topic of keeping such tests ethical.
Social engineering is often an extremely cost effective attack and one that most technological barriers are powerless to prevent, so a thorough knowledge of it is valuable for any security professional.
With the increased deployment and associated security issues of mobile technologies, ensuring the security of applications that are deployed on them is an important issue and 44Con's Android security workshop will provide a detailed explanation of the security issues surrounding the Android platform from both a developer and a security auditor perspective.
Finally, Adam Laurie and Zac Franken are presenting a course on RFID technology security. Given the widespread deployment of RFID tokens in security access control systems, understanding its weaknesses and how they can be addressed is essential to ensure that such systems are deployed correctly and do not offer a false sense of security.
The 44Con training sessions are competitively priced and run on the 30th/31st August, immediately preceding the 44Con conference itself. Attendees get free admission to the full conference included in the training price. Full details and booking information are at http://www.44con.com/training/