SANS @Night
Monday, 30 November
Keynote: Effective Methods for Implementing the 20 Critical Security Controls
Speakers: Eric Cole, Ph.D. & James Tarala
18:00 - 19:00
Security is often viewed as a cost of doing business and can be
difficult to implement in many organizations. However, through effective
controls and proper implementation, security can be a business enabler,
allowing an organization to reap performance benefits in addition to
proper security. The guidelines clearly define 20 Critical Security
Controls that can effectively improve an organization's security and
ensure it focuses on cost-effective security measures. This
talk will dissect the core areas of the controls, showing specific
tips and tricks for implementing them in an organization.
Day 1 of the Hex Factor Challenge
18:00 - 22:00
This Challenge game was developed through a community effort. A big thank you to the following contributors:
- Didier Stevens (security blogger and hacker extraordinaire - blog.didierstevens.com)
- Erik Van Buggenhout
- Koen Machilsen
- Frederic Coene
- Daan Raman
- Pieter Danhieux (SANS Instructor)
So ... you wanna know how good you are, right? Well, for basically everyone who is at this conference, we have created some interesting
challenges surrounding different topics:
- History and Culture (category named Once Upon a Time)
- Penetration testing (category named owned)
- Reverse Engineering (category named Binary Foo)
- Something special (category named Out of the Box)
To ensure that everyone is able to participate and have fun, we have created challenges at various levels of difficulty:
- Level 100s mostly consist of multiple choice questions or easy challenges for those who have never been in contact with the subject before.
- Level 200s are challenges that will test your experience and practical knowledge of the subject.
- Level 300s are reserved for the best among us.
For each successfully completed level, you will get points. The purpose is to get as many points as possible and reach number one in the rankings. The winner will be announced on Friday, Day 5 of the conference.
Tuesday, 1 December
Day 2 of the Hex Factor
18:00 - 22:00
Day 1 of Forensics Mini Summit
More details to come
Vendor Exhibit
More details to come
Wednesday, 2 December
Community Night
NOTE: There are limited seats for this event so please submit the form below to reserve your seat.
Reception
17:00 - 17:30
Adding Fuzzing to your Pen-Testing Arsenal
Speaker: Stephen Sims
17:30 - 18:15
Fuzzing allows you to find vulnerabilities in an application that may
otherwise go unseen. Even where source code scanning is performed, fuzzing
continues to prove a valuable technique. Join Steve Sims as we walk
through various techniques for introducing fuzzing into your
penetration testing. We will start with the basics of understanding what
fuzzing is and how you can leverage the various types of fuzzing. Next,
we'll step through some examples of fuzzing and give a demonstration of
a successful test case.
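To make the point of the abstract concrete, here is a small mutation fuzzer. It is added as an illustration for this page and is not material from the talk or from the original programme: the TLV record format, the parser (which carries a deliberate off-by-one in its bounds check), the seed inputs and the mutation strategies are all constructed for the example. The harness separates graceful rejections (the parser raising ValueError) from crashes (any other exception, the Python stand-in for an out-of-bounds read in native code), which is the distinction a fuzzing run has to make before a finding is worth triaging.

```python
"""Mutation fuzzer against a constructed Tag-Length-Value parser (example only)."""
import random
from typing import Callable, List, Sequence, Tuple

# Constructed record layout: tag (1 byte) | length (1 byte) | value | checksum (1 byte)
# where checksum == sum(value) & 0xFF.


def parse_tlv(data: bytes, fixed: bool = False) -> List[Tuple[int, bytes]]:
    """Parse concatenated TLV records.

    With fixed=False the bounds check forgets the trailing checksum byte,
    so a record whose checksum is missing passes the check and the parser
    indexes one byte past the end of the buffer (IndexError).  With
    fixed=True the check covers the checksum byte and every malformed
    input is rejected with ValueError.
    """
    records = []
    i = 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated header")
        tag, length = data[i], data[i + 1]
        # Deliberate bug: header (2) + value bytes, but not the checksum byte.
        header_and_trailer = 3 if fixed else 2
        if i + header_and_trailer + length > len(data):
            raise ValueError("truncated value")
        value = data[i + 2 : i + 2 + length]
        checksum = data[i + 2 + length]  # out of bounds when the checksum is missing
        if checksum != sum(value) & 0xFF:
            raise ValueError("bad checksum")
        records.append((tag, bytes(value)))
        i += 3 + length
    return records


# Constructed, well-formed seeds: the fuzzer only ever mutates valid inputs.
SEEDS: Sequence[bytes] = (
    bytes([1, 3, 97, 98, 99, 38]),            # tag 1, value b"abc", checksum 38
    bytes([2, 1, 0xFF, 0xFF, 7, 0, 0]),       # tag 2 value b"\xff"; tag 7 empty value
)


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply one to four random byte-level mutations to a seed."""
    data = bytearray(seed)
    for _ in range(rng.randint(1, 4)):
        choice = rng.randrange(4)
        if choice == 0 and data:                 # flip one bit in a random byte
            pos = rng.randrange(len(data))
            data[pos] ^= 1 << rng.randrange(8)
        elif choice == 1 and data:               # overwrite with a boundary value
            pos = rng.randrange(len(data))
            data[pos] = rng.choice([0x00, 0x01, 0x7F, 0x80, 0xFF])
        elif choice == 2 and len(data) > 1:      # truncate the tail
            del data[rng.randrange(1, len(data)):]
        else:                                    # insert a random byte
            data.insert(rng.randrange(len(data) + 1), rng.randrange(256))
    return bytes(data)


def classify(parser: Callable[[bytes], object], case: bytes) -> str:
    """'ok' for accepted input, 'rejected' for a clean ValueError, otherwise the exception type."""
    try:
        parser(case)
    except ValueError:
        return "rejected"
    except Exception as exc:  # noqa: BLE001 - any other exception is a crash
        return type(exc).__name__
    return "ok"


def fuzz(parser: Callable[[bytes], object], seeds: Sequence[bytes],
         iterations: int = 2000, seed: int = 1) -> List[Tuple[int, bytes, str]]:
    """Run a deterministic mutation campaign and collect (iteration, input, exception) crashes."""
    rng = random.Random(seed)
    crashes = []
    for n in range(iterations):
        case = mutate(rng.choice(list(seeds)), rng)
        verdict = classify(parser, case)
        if verdict not in ("ok", "rejected"):
            crashes.append((n, case, verdict))
    return crashes


if __name__ == "__main__":
    found = fuzz(parse_tlv, SEEDS)
    print(f"buggy parser: {len(found)} crashing inputs, first: {found[0] if found else None}")
    print(f"fixed parser: {len(fuzz(lambda d: parse_tlv(d, fixed=True), SEEDS))} crashing inputs")
```

The seed makes every campaign reproducible, which matters when a crashing input has to be replayed against an instrumented build; in a real engagement the same loop would drive a native target under a sanitizer or debugger and the crash bucket would be keyed on the fault address rather than the Python exception type.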
Software Security Street Fighting Style
Speaker: Johannes Ullrich
18:15 - 19:00
It is tough to be a developer. As a developer, you have countless
opportunities to make mistakes. You mess up once, and you lose. On the
other hand, the attacker has to find only a single vulnerability to get
fame and fortune. The only way to beat the attacker is simple and
repeatable defensive techniques that work every time. Similar to a
street fight, the Kung Fu of the attacker will not matter if you can
land a quick kick to the groin or pull a gun. This talk will demonstrate
some of these techniques as they apply to defensive coding for web
applications. We will discuss why your Kung Fu will not matter and where
Sun Tzu went wrong.
Information Security Law, Served Hot!
Speaker: Maury Shenk
19:00 - 19:45
Although the law may not be everyone's cup of tea, legal issues are unavoidable for information security professionals. We have asked Maury Shenk, who is designing a new SANS program on Legal Issues for Information Security Professionals, to preview some of the most current and interesting legal issues in the information security world. This session will be a piping hot and fast moving presentation of topics including liability for distribution of "hacking tools", ISP liability for hosting illegal content (malware, pirated content, etc), responsibility and response for information security breaches, legal and illegal network monitoring, and fact and fiction about encryption regulation. Come have a sip!
Day 3 of The Hex Factor Challenge
18:00 - 22:00
Day 2 of Forensics Mini Summit
More details to come.
Thursday, 3 December
Day 4 of The Hex Factor Challenge
18:00 - 22:00
Final Day of Forensics Mini Summit
Hacking Challenges: Have Fun Improving Your Skills!
Speaker: Raul Siles
17:30 - 18:30
Hacking and security challenges are a great and effective training tool.
They provide a platform to improve everyone's skills by forcing all
participants to devise an offensive or defensive tactic, apply different
techniques, and squeeze the available tools to succeed. The acquired
knowledge can later be applied to real-world engagements.
This interactive session will guide the audience through some scenarios
associated with penetration testing and hacking challenges published during
2009. Apply your technical skills and knowledge to solve these
challenges while having fun!
IISP Get-Together
17:30 - 18:30
Why not unwind with other delegates and learn how the Institute of Information Security Professionals (IISP) can help your career by building on the training you are receiving this week? You will be able to ask senior officials of the Institute how the accreditation works, how much experience is needed, and how the process operates. You can also learn how we accredit SANS courses and the GIAC Certification, among other certifications. Refreshments will be provided. What have you got to lose?
About IISP
The principal objective of the Institute is to advance the professionalism of information security practitioners and thereby the professionalism of the industry as a whole. By the year 2010 the Institute aims to provide a universally accepted focal point for the information security profession. The Institute is an independent not-for-profit body governed by its members, ensuring standards of professionalism - for training, qualifications, operating practices and individuals.
One of its main activities is to act as an accreditation authority for the industry. Full Membership of the Institute is Information Security's "professional standard" and endorses the knowledge, experience and professionalism of an individual in this field. The Award is competency based which sets it apart from purely knowledge based qualifications and is awarded to those professionals who demonstrate breadth and depth of knowledge, and substantial practical experience.
SANS Technology Institute Master's Presentation: Intrusion Detection & Response: Leveraging Next-Generation Firewalls
Speaker: Ahmed Abdel-Aziz
18:30 - 19:10
Security threats are increasing in number and sophistication. Financial motivation and the global recession have been key factors in the growth of cybercrime. At the same time, discovering compromises and responding to them usually takes weeks or longer, as indicated by the Verizon Business 2008 Data Breach Investigations Report. This presentation will explain what Next-Generation Firewalls (NGFWs) are and how they can be leveraged for intrusion detection and response. By the end of the presentation you should have a better understanding of NGFW technology and have learned useful techniques related to it that can improve the state of intrusion detection and response in your organization.
Bio: Ahmed started his career with a Fortune 500 company, and quickly progressed to become a Regional Technical Consultant in the company. He has helped clients to assess, design, implement, and optimize information infrastructure and security solutions to best support their business. He has over 7 years of experience in Security, Networking, Storage, and Heterogeneous Environments. Ahmed earned his Bachelor's degree in Computer Engineering with Honors from Ain Shams University, and is currently pursuing his Master's degree in Information Security Engineering from the SANS Technology Institute (STI). Ahmed serves as a member of the GIAC Advisory Board, and has achieved several professional certifications which include the CISSP, RHCE, and CCNP, in addition to holding the following GIAC certifications: GCIH Gold, GCIA Gold, GSNA, GCUX, GWAPT.
Friday, 4 December
Finale of The Hex Factor Challenge
18:00 - 22:00