Joe is a also a BruCON 2010 speaker and trainer. He will give a presentation on "You Spent All That Money And You Still Got Owned" next September.
Abstract: This talk will focus on practical methods of identifying and bypassing modern enterprise class security solutions such as Load Balancers, both Network and Host-based Intrusion Prevention Systems (IPSs), Web Application Firewalls (WAFs), and Network Access Control Solutions (NAC).
The goal of this talk is to show IT Personnel the common weaknesses in popular security products and how those products should be configured.He is also giving a pentesting class based on this called Pentesting High Security Environments.
This course will focus on penetration testing techniques that can be used when testing highly secured environments such as 3-letter agencies, DoD, financial organizations, federal organizations, and large companies. If you are tired of attacking unpatched Windows 2000 Servers in your hacking courses and want to take a course where you will be attacking new Operating Systems/Applications that are patched, locked down, and protected with an IDS/IPS then this is the course for you.
The first day of the course starts with attacking heavily protected environments from the outside and dealing with Network-Based IDS/IPS. Next is attacking web applications and dealing with Load Balancing, common application security measures in PHP/ASP.NET, and Web Application Firewalls.
The second day covers attacking from the LAN, dealing with NAC solutions, locked down workstations/GPOs, and Host-Based IDS/IPS. The last section of the course covers gaining control of Active Directory.Joe McCray has 8 years of experience in the security industry with a diverse background that includes network and web application penetration testing, forensics, training, and regulatory compliance. Joe is a frequent presenter at security conferences, and has taught the CISSP, CEH, CHFI, Security+, and Web Application Security at Johns Hopkins University (JHU), University of Maryland Baltimore College (UMBC), and several other technical training centers across the country.
Want to join the OWASP BE Meeting????
June 16th 2010 18h-20h
Location is sponsored by Zenitel Belgium.
Location: Zenitel Belgium, Z.1. Research Park 110 – 1731 Zelli! k, Belgium (same building as http://www.u2u.net/Route.aspx)
* 18h00 - 18h30: Welcome & Refreshments
* 18h30 - 18h45: OWASP Update (by Sebastien Deleersnyder, Zenitel, OWASP Board)
* 18h45 - 20h00: Advanced SQL Injection (by Joe McCray, Learn Security Online)
More information can be found at http://www.owasp.org/index.
WHO should attend?
Anyone interested in Web Application Security (management, security
professionals, developers, students, etc). OWASP Belgium chapter
membership is free. All meetings are free. There are never vendor
pitches or sales presentations at OWASP meetings.
Check our chapter page http://www.owasp.org/index.
meeting details, sign up to the chapter mailing list and introduce
Please send a mail to 'belgium at owasp.org' if you plan to attend,
so we can size the venue appropriately and keep you updated on