SANS AppSec 2010 in conjunction with the WhatWorks in Application Security Summit

Dear Colleague,

I am pleased to invite you to our first Annual SANS AppSec 2010 Conference in San Francisco January 29-February 3. If you are a developer, you need the knowledge and skills to prevent attacks that come through the application layer. Secure coding courses can prepare programmers and developers for certifications and return them to work with the skills to immediately impact current and new projects so jobs will be done right the first time. This will save your organization and your customers time and money! We are bringing you this first conference with What Works in Application Security Summit 2010 (February 4-5). These two SANS events offered together will provide an unprecedented amount of training and information that you don't want to miss.

The following courses were scheduled so that you can take more than one and attend the Summit, too!

• Security 542: Web App Penetration Testing and Ethical Hacking - Kevin Johnson
• Developer 422: Defending Web Applications Security Essentials - Jason Lam
• Developer 541: Secure Coding in Java/JEE: Developing Defensible Applications - Frank Kim
• Developer 544: Secure Coding in .NET: Developing Defensible Applications - David Rice
• Developer 534: Secure Code Review for Java Web Apps - Frank Kim

Visit the Event-at-a-Glance page for the schedule and complete course descriptions.

These SANS courses address the actual problems application developers and programs face every day. Our world-class instructors are practitioners who solve real-world problems and who can present "proven" solutions. In addition to being seasoned professionals, SANS faculty members are extraordinary speakers. They bring the information to life with real-world stories, and enable you to leave with the knowledge and confidence to put what you learned to work the day you return to the office.

This event provides plenty of networking opportunities so that you can increase your list of technical and professional contacts. Valuable professional relationships are forged at SANS events that last for years.

• I needed specific information on how to lock down our applications, and this course has helped me in doing that (DEV544). - Melisa Wentz, Jacobs
• An excellent course for those just starting to look at web app security and want to know where to start and where to go (DEV534). - Michael Schanberger, TESSCO Technologies

Our two SANS events are being held at the newly renovated Sheraton Fisherman's Wharf Hotel. This hotel is centrally located in one of San Francisco's most popular neighborhoods. From the Hotel, you will have easy access to:

• Pier 39 with the Aquarium of the Bay where you can "Walk with the Sharks" and dine at some wonderful eateries such as the Bubba Gump Shrimp Company, the Crab House at Pier 39, Fog Harbor Fish House, and the Sea Lion Cafe, to name just a few
• Ghirardelli Square - great shops and chocolate, chocolate, chocolate
• Alcatraz Island, which is now part of the U.S. National Park Service, and is open for tours. Take a ferry ride from Pier 33 and visit The Rock
• The Cannery - an important historical site which is now a hub for shopping, dining, and entertainment
• San Francisco Maritime Museum where you can let your imagination travel to the 19th Century and visit the Balclutha, an 1886 square rigger, along with six other historic vessels
• Touring the "City by the Bay" by historic cable car - a "must do" when in San Francisco

A special rate of $139 S/D will be honored based on space availability and includes high-speed Internet in your room. This rate is only available through January 11, so don't delay!

Here's what a few of our past attendees had to say about some of our featured courses:

• This course (SEC542) opened my eyes and gave new perspectives of web app penetration testing. - Ji Lee, Seamless Web
• If you feel that you have no idea what people are talking about when they say 'cross-site scripting' or 'SQL Injection,' this (DEV422) will get you in-the-know and show how to test for and prevent these attacks. - Kyle Farris, Info Tech, Inc.
• Even though I have had exposure to much of the information, this course filled in learning gaps and presented scenarios the learning could be applied to (DEV541). - Jarad Bard, Bureau of Land Mgmt.

To follow or tweet about this event, use the hashtag #sansappsec2010.

Follow SANS at http://twitter.com/SANSInstitute.

Start making your plans today to join SANS in San Francisco for a unique and compelling event! SANS AppSec 2010 and WhatWorks in Application Security Summit 2010! I look forward to meeting you there!

David Rice
Chairman, What Works in Application Security Summit 2010