Information Security Training

Attached are the slides used for a short presentation to Security SIG, August 19, 2010, on the Identity Finder Console use at SAS as well as an overview of some encryption technologies.

Attachment	Size
security-sig-pres-idf-encrypt.ppt	892 KB

The attached slides were part of the presentation on web security I gave to the Philadelphia Area New Media Association (PANMA) in May 2010.  The presentation covered a brief overview of the types of threats that web applications face, how attackers break in, and a brief analysis of some attacker motivations.  The presentation also covered some defensive strategies developers can use to mitigate risk to their web applications.

Attachment	Size
panma.ppt	155 KB

The attached slides were part of my presentation at SecureWorld Philadelphia in May of 2010.  The presentation covered data collected using a customized installation of the Kojoney low interaction SSH honeypot software.  The data was not surprising but we were able to discern interesting trends and devise some effective defensive strategies.

Attachment	Size
kojoney_secureworld.ppt	241 KB

OSSEC (http://www.ossec.net) is a powerful, open source, client-server modeled host based intrustion detection system.  The attached slides were part of my presentation to the Educause Security Professionals conference in April 2010 as well as my presentation at the Infragard Philadelphia day of training in August 2010.

Attachment	Size
ossec.ppt	288.5 KB

The attached slides were originally part of a presentation I delivered for the Wharton Higher Ed Web Symposium.  The presentation was also delivered to the Philadelphia OWASP chapter.  Later, the presentation was extended and refined and presented to a group of Wharton developers.  Please feel free to contact me if you have any questions, comments, or other feedback about the slide deck.

Attachment	Size
security_usability.ppt	990.5 KB

Attached is the power point (.ppt) presentations detailing the contents of the seventh session of the SAS Information Security PHP Code Auditing training. The seventh session covers PHP's session handling as well as an overview of cookies.

Attachment	Size
php-code-auditing7.ppt	147.5 KB

Attached is the power point (.ppt) presentations detailing the contents of the sixth session of the SAS Information Security PHP Code Auditing training. The sixth session covers code auditing strategies and vulnerability report generation. This session dealt specifically with the exercise distributed for the class, including a review of the code and demonstration of the techniques presented in the slides.

Attachment	Size
PHP-code-auditing6.ppt	139 KB

Attached is the power point (.ppt) presentations detailing the contents of the fifth session of the SAS Information Security PHP Code Auditing training. The fifth session covers cross site scripting (XSS) and cross site request forgery (XSRF) vulnerabilities.

Attachment	Size
PHP-code-auditing5.ppt	168 KB

Attached are the three power point (.ppt) presentations detailing the contents of the fourth session of the SAS Information Security PHP Code Auditing training. The fourth session covers the directory traversal, local and remote file include vulnerabilities and arbitrary code execution.

Attachment	Size
PHP-code-auditing4.1.ppt	128 KB
PHP-code-auditing4.2.ppt	157 KB
PHP-code-auditing4.3.ppt	213 KB

Attached is the power point (.ppt) presentation detailing the contents of the third session of the SAS Information Security PHP Code Auditing training. The third session covers the exercise from session 2, along with the tools necessary to complete the project and some SQL injection techniques.

Attachment	Size
PHP-code-auditing3.ppt	2.14 MB