RE: WebAppSec Training Courses in UK

I don't disagree with most of what you and Glyn said. It was well put and a good debate. Thanks.

My point is that training should be about educating people about the right things to do, not recounting or accepting that people don't do that today. Of course we need to be real but we need to educate executives thats its not good enough to test at the end of a projects lifecycle. Thats a training course that really needs to happen in itself. If we say this is what happens in the real world (its always late, we never have money, no time etc) well never tackle the problem strategically and be in the same place next year.

Fucntional testing was in the same place a few years back but you look at any good dev shops unit test now and you can see how testing can be integrated into dev cycles pretty easily.

Of course there is a place for pen testing. But IMHO its nowhere near the place it is often perceived today. I think we agree on that. This list is frequentled by more pen test types as well I would muse so the responses are skewed. If you ask secprog (and the debate is going on there now) they have a very different focus and if you as CISSP lists I am sure it will be equally skewed.

My point and I think yours is that good training needs to encompass all aspects of web application security. It should be about teaching people the things they need to do, as well as teaching them the things they already do better.

On Wed, 04 Dec 2002 07:39:40 -0800 Craig_Sullivan@Waitrose.co.uk wrote:
>
>Hmmm,

Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Big $$$ to be made with the HushMail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 Received on Wed Dec 4 15:19:42 2002