WebSec101 is live!

Date June 22, 2009

After some delay, WebSec101 is live!  What is it, you ask?

The WebSec101 series introduces the basics of web and application security in easy to digest 20-30 minute webcasts. It aims to give brief introductions to each of the major topics in testing, developing and securing web applications, and points the viewer to more detailed material if interested.

I don’t think this is anything “new” – a lot of this information is already out there – but I’ve found talking to clients and others in the industry that there’s not a lot of easily digestible material out there on this subject in a format that is easy to learn from.  OWASP and the Web Application Security Consortium (amongst others) are a great source of info, but there’s a considerable amount of material to get through and what I’m hearing is that people would like a gentle start to ease them into the subject area and “whet their appetite”.

As the above text says, these are “101 level” (or basic/introduction to those of you outside the US education system) webcasts of about 30 minutes in length and intended to at least give the viewer a start in web application security – something you can sit with a cup of coffee and watch/listen to quickly.  They are not Foundstone’s Ultimate Web Hacking class, but a subset of that material (and no hands-on, instructor-led labs unfortunately), but are free (and released under a Creative Commons license).

I’ve been working on these webcasts for some while now but finally pulled the trigger thanks to the help of some of my colleagues.  I wanted them to be really good, and to release them within a reasonable schedule.  Several things including work getting really busy at the start of the year conspired against me, but it’s best to get them out there, get feedback, and try to keep up.  I have a small buffer of episodes “in the can”, but the plan is to release every 2 weeks on the Foundstone website.

The rest is all in the introduction webcast (HD, LD, Podcast and/or slides).  I’m hoping that through these I will be able to share the knowledge that I have, that of my colleagues in Foundstone, and the security industry at large to a more “general” audience – the “practitioners” one may say.  A lot of the clients that I deal with are not necessarily first-timers to the needs of application security (or they wouldn’t be calling Foundstone), but some guidance along the first steps certainly helps and I’ve noticed the clients I work with repeatedly get better and better through education and knowledge (and tools, but that’s a future episode ;) ).  This is a long journey and we’re starting slow with these webcasts, but hopefully we’ll keep these going, at least to cover the major issues and topics I see out there all the time, and who knows – with feedback, ideas, and requests this may go on and on.

I hope you enjoy.

2 Responses to “WebSec101 is live!”

  1. Websec101 – Episode 3 – Authentication | Mike Andrews said:

    [...] next episode of WebSec101 which covers the topic of authentication has been posted to the Foundstone [...]

  2. Websec101 – Episode 4 - Authorization | Mike Andrews said:

    [...] next episode of WebSec101 which covers the topic of authorization has been posted to the Foundstone [...]


