- Training
- Training Live Events
- Training Without Travel
- Security Courses
- Security Curricula
- Certified Instructors
- Training Calendars
- SANS vLive! / SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- Coins
- SANS Onsite
- SANS SelfStudy
- SANS Summit Series
- SANS Partnership Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- List of Resources
- Top 20 List
- Top 25 Programming Errors
- 20 Coolest Jobs
- Application Security Procurement Language
- Top 10 Security Trends
- Top 5 Essential Log Reports
- Reading Room
- Webcasts
- AudioCasts
- WhatWorks
- Newsletters
- RSS Feeds
- Calendar Feeds
- Security Thought Leaders
- Security Policy Project
- Security+ Study Guide
- SANS Buyers Guide
- Security Tool Demos
- 2008 Salary Survey
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
The most trusted source for computer security training, certification and research.
select a course
Las Vegas, NV - May 31 - June 9, 2008
- Event Location & Info
- Faculty
- Vendor Expo
- General Info
- Vendor Events
- Special Events
- SANS @Night
- Brochure (PDF)
Instructors have excellent hands on real life experience.
-Terry Kuxhaus, State of South Dakota
Additional Summit Offered in Las Vegas: Two Great Summits! Please visit the WhatWorks in Penetration Testing and Ethical Hacking Summit 2008 page for more information.
Faculty for SANS WhatWorks in Web Application Security Summit 2008
George Bakos
George Bakos has been interested in computer security since the early 1980s when he discovered the joys of BBSs and corporate databases. These days he is a senior engineer for Northrop Grumman's Cyber Threat Analysis & Intelligence team working to understand what's going on inside the minds and hearts of his adversaries. He was the developer of Tiny Honeypot and the IDABench intrusion analysis system and was one of the researchers behind the Dartmouth Distributed Honeynet System. George developed and taught the U.S. Army National Guard's CERT technical curriculum and ran the NGB's Information Operations Training and Development Center research lab for two years, fielding and supporting Computer Emergency Response Teams nationwide. Outside the lab, George enjoys the beauties of his home state, Vermont, through skiing, ice and rock climbing, and mountain biking.- George will be teaching:
- SEC 504.1 Incident Handling Step-by-Step and Computer Crime Investigation
- SEC 504.2 Computer and Network Hacker Exploits - Part 1
- SEC 504.3 Computer and Network Hacker Exploits - Part 2
- SEC 504.4 Computer and Network Hacker Exploits - Part 3
- SEC 504.5 Computer and Network Hacker Exploits - Part 4
- SEC 504.6 Hacker Tools Workshop
Eric Cole, PhD
Dr. Eric Cole is an industry-recognized security expert with over 15 years of hands-on experience. Cole currently performs leading-edge security consulting and works in research and development to advance the state of the art in information systems security. Cole has experience in information technology with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. Cole has a master's degree in computer science from NYIT and a PhD from Pace University with a concentration in information security. Dr. Cole is the author of several books, including Hackers Beware, Hiding in Plain Site, Network Security Bible, and Insider Threat. He is the inventor of over 20 patents and is a researcher, writer, and speaker. He is also a member of the Commission on Cyber Security for the 44th President and several executive advisory boards. Dr. Cole is also the CTO of the Americas for McAfee. Cole is actively involved with the SANS Technology Institute (STI) and SANS working with students, teaching, and maintaining and developing courseware. He is a SANS faculty fellow and course author.- Eric will be teaching:
- MGT 431 Secure Web Services for Managers
Kevin Johnson
Kevin Johnson is a senior security analyst with InGuardians, LLC. Kevin came to security from a development and system administration background. He has many years of experience performing security services for Fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin founded and leads the development on the Basic Analysis and Security Engine (BASE) project, the most popular Web interface for the Snort intrusion detection system. Kevin is an instructor for SANS, teaching both SEC504: Hacker Techniques, Exploits, and Incident Handling and SEC542: Web App Penetration Testing and Ethical Hacking. He has presented to many organizations, including Infragard, ISACA, ISSA, and the University of Florida.- Kevin will be teaching:
- SEC 542.1 Web App Penetration Testing and Ethical Hacking: The Attacker's View of the Web
- SEC 542.2 Web App Penetration Testing and Ethical Hacking: The Attack Process Part 1
- SEC 542.3 Web App Penetration Testing and Ethical Hacking: The Attack Process Part 2
- SEC 542.4 Web App Penetration Testing and Ethical Hacking: The Attack Process Part 3
Jason Lam
Jason is a senior security analyst at a major financial institution in Canada. His recent SANS Institute courseware development includes Defending Web Application Security Essentials and Web Application Pen Testing Hands-On Immersion. Jason started his career as a programmer before moving on to ISP network administration, where he handled network security incidents, which sparked his interest in information security. Jason specializes in Web application security, penetration testing, and intrusion detection. He currently holds a BA in computer science from York University in Toronto, Ontario, as well as the CISSP, GCIA, GCFW, GCUX, GCWN, and GCIH certifications.- Jason will be teaching:
HD Moore
HD Moore is the director of security research at BreakingPoint Systems, where he focuses on the content and security testing features of the BreakingPoint product line. Prior to BreakingPoint, HD spent seven years providing vulnerability assessments, leading penetration tests, and developing exploit code. HD is the founder of the Metasploit Project and one of the core developers of the Metasploit Framework, the leading open-source exploit development platform. In his spare time, HD searches for new vulnerabilities, develops security tools, and contributes to open-source security projects.- HD will be teaching:
- SPECIAL Tactical Exploitation
Ed Skoudis
Ed Skoudis is a founder and senior security consultant with InGuardians. Ed's expertise includes hacker attacks and defenses, the information security industry, and computer privacy issues, with over fifteen years of experience in information security. Ed authored and regularly teaches the SANS courses on network penetration testing (Security 560) and incident response (Security 504), helping over three thousand information security professionals each year improve their skills and abilities to defend their networks. He has performed numerous security assessments; conducted exhaustive anti-virus, anti-spyware, Virtual Machine, and IPS research; and responded to computer attacks for clients in financial, high technology, healthcare, and other industries.
Ed conducted a demonstration of hacker techniques against financial institutions for the United States Senate and is a frequent speaker on issues associated with hacker tools and defenses. He has published numerous articles on these topics as well as the Prentice Hall best sellers Counter Hack Reloaded and Malware: Fighting Malicious Code. Ed was also awarded 2004-2009 Microsoft MVP awards for Windows Server Security and is an alumnus of the Honeynet Project. Previous to InGuardians, Ed served as a security consultant with International Network Services (INS), Global Integrity, Predictive Systems, SAIC, and Bell Communications Research (Bellcore).
- Ed will be teaching:
- SEC 560.1 Network Penetration Testing: Planning, Scoping, and Recon
- SEC 560.2 Network Penetration Testing: Scanning
- SEC 560.3 Network Penetration Testing: Exploitation
- SEC 560.4 Network Penetration Testing: Password Attacks
- SEC 560.5 Network Penetration Testing: Wireless and Web Apps
- SEC 560.6 Penetration Testing Workshop & Capture the Flag Event
Johannes Ullrich, PhD
As chief research officer for the SANS Institute, Johannes is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. He founded DShield.org in 2000, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a Web development company and as a research physicist. Johannes holds a PhD in Physics from SUNY Albany and is located in Jacksonville, Florida.- Johannes will be teaching:
- SEC 519 Web Application Security Workshop
- DEV 538 Web Application Penetration Testing Fundamentals
Valsmith
Valsmith has been involved in the computer security community and industry for over ten years. He currently works as a professional security researcher on problems for both the government and private sectors. He specializes in penetration testing (over 40,000 machines assessed), reverse engineering and malware research. He works on the Metasploit Project development team as well as other vulnerability development efforts. Most recently Valsmith founded Offensive Computing, a public, open source malware research project.- will be teaching:
- SPECIAL Tactical Exploitation
- © 2000-2009 The SANS™ Institute
- Web Privacy Policy | Web Contact |
- Press Room | Trademark Usage Policy