SANS What Works in Penetration Testing & Vulnerability Assessment Summit

with Ed Skoudis

Dates:

Summit: June 14-15, 2010

Summit Venue:

Hilton Baltimore
401 West Pratt Street, Baltimore,
MD USA 21201
Tel: 1-443-573-8700
Fax: 1-443-683-8841
Web Site: http://www1.hilton.com/en_US/hi/hotel...

Table of Contents

• Summit Overview
• What Makes This Summit Unique?
• Who Should Attend?
• Summit Agenda
• Topics To Be Addressed
• Register Now

Summit Overview

The 2010 SANS What Works in Penetration Testing & Vulnerability Assessment Summit features an agenda loaded with brand-new talks from the best penetration testers and vulnerability assessment thought leaders in the world. This must-see event lets attendees interact directly with industry leaders, discussing tough technical and operational issues to get the most value from penetration testing and vulnerability assessment expenditures.

If you are responsible for managing vulnerabilities in an enterprise, how can you make sure you're getting the most value from penetration tests and vulnerability assessments - whether using in-house personnel or third-party contracts? If you are a professional pen tester or provide vulnerability assessments, do you have the skills to perform tests using the latest tools and techniques? To address these questions we will have an action-packed agenda with hard-hitting sessions on deep, technical topics that every penetration tester and vulnerability assessor must know. Panels will feature enterprise users from Fortune 500 companies sharing lessons learned in making penetration tests and vulnerability assessments work in the real world. They will analyze and compare the latest tools during interactive vendor panels to see who can help you do your job most effectively.

What Makes This Summit Unique?

• Every single talk includes techniques, strategies, and tools that you can apply directly in your own job to get more business value out of penetration tests and vulnerability assessments. Given the PCI-DSS and other compliance requirements for vulnerability assessments and penetration testing, the Summit will focus on efficient and effective testing that measures real business risk. We also cover numerous techniques for ensuring success in the follow-up to an assessment, in crafting and applying recommendations to improve security while meeting business needs.
• At some of the larger hacker conferences, it can be difficult to get to know other attendees and the speakers as you get lost in the shuffle. With detailed sessions, informal breaks, and evening events, this Summit is organized to support networking with other like-minded penetration testing and vulnerability assessment professionals, building relationships, participating in the community, and sharing best practices.
• Got a burning question for the authors of a particular free or commercial assessment tool that you want to ask face to face? The friendly, professional atmosphere of this Summit is designed for just such interactions, allowing attendees to get immense value for their time.
• At some other conferences associated with computer attacks, only a third to a half of the talks are worthwhile. For the Penetration Testing and Vulnerability Assessment Summit, each speaker and topic has been carefully selected to ensure that the information covered is high-quality, relevant, and directly useful to attendees in their jobs.
• With the recent rise in the number of major web application attacks, the Pen Test Summit will also offer detailed sessions on the latest penetration techniques for finding web application flaws, determining the often serious business risks associated with them, and applying best practices in your defenses.

Who Should Attend?

• In-house Enterprise Penetration Testers
• Vulnerability Assessment Personnel
• People who Procure Pen Tests
• Third-Party Penetration Testers

Topics To Be Addressed

• Ten technical tips most penetration testers don't know... but should
• The latest web app manipulation tactics and brand-new tools to help automate discovery and exploitation
• Late-breaking wireless vulnerabilities and how to test for them in an operational environment
• Incorporating physical and social engineering testing to measure compliance more thoroughly
• New tools for the toolbox based on best-of-breed free and commercial offerings
• Time-saving techniques to accomplish more testing in less time
• Advice on the best scripting languages for pen testers to master and insight on test automation
• Specific criteria for evaluating penetration testing companies to determine the quality of their testing regimen