From SANS Newsletter:
A Taste of SANS Security 660 – Exploit-Writing in a Modern World (Part III of III)
WHEN: Tuesday, March 15, 2011 at 1:00 PM ET (1700 UTC/GMT)
FEATURING: Stephen Sims
In part III of this webcast series Security 660 lead-author Stephen Sims will explain and demonstrate techniques used to discover and exploit bugs in Linux and Windows. Days four, five, and six in SANS SEC660 dive deep into discovering and writing exploits, accounting for modern OS controls such as data execution prevention (DEP), address space layout randomization (ASLR), stack/heap canaries, and many others. A senior penetration tester is often the final line of defense before deeming a technology or solution as reasonably secure and acceptable for deployment. Product security testing is a growing practice, and the skill-level of both the competition and the bad guys is growing every day. If an exploit module in Core Impact or Metasploit fails, is it due to an OS control? Can it be defeated? Don’t let the bad guys answer it for you!
Visit us on part III of this webcast trilogy on Tuesday March 15 (The Ides of March) to jump-start your skills for discovering bugs and exploiting vulnerabilities, and to get a sampling of the topics covered in SANS SEC660.
Legal Practices and Expectations for Data Security and Investigations
WHEN: Friday, March 18, 2011 at 1:00 PM ET (1700 UTC/GMT)
FEATURING: Ben Wright
Legal practices and expectations for electronic data are changing.
Lawmakers around the world are enacting demanding new laws for security, at a time when the threats to enterprise data (hackers, corporate spies, disgruntled employees) are rising and emerging technologies like cloud computing shift the playing field. E-data are becoming central to the resolution of lawsuits, internal investigations and law enforcement actions. As a consequence, all enterprises face a growing need for a more professional and sophisticated IT security team. In this webcast, Mr. Wright will survey the big trends in data law and interpret what they mean for the modern enterprise
Managing Insiders (Contractors, Vendors and Employees) in SCADA Environments
WHEN: Wednesday, March 23, 2011 at 1:00 PM ET (1700 UTC/GMT)
FEATURING: Jonathan Pollet, Matthew E. Luallen, Lior Frenkel, Walter Sikora, & Ansh Patnaik
Sponsored By: ArcSight, an HP Company http://www.arcsight.com/, Industrial Defender http://www.industrialdefender.com/, and Waterfall Security http://www.waterfallsecurity.com/
This webcast will include discussion around the policies and controls needed to protect against insider threat specific to utility control networks, including access controls, application controls/whitelisting, end point controls, centralized logging, and security information event management. Key insight will be gained from security professionals involved in auditing SCADA and other utility control systems.
Web 2.0 Security: Same Old But Different
WHEN: Thursday, March 24, 2011 at 1:00 PM ET (1700 UTC/GMT)
FEATURING: Johannes Ullrich & Eric Crutchlow
Sponsored By: SONICWALL http://www.sonicwall.com/
Web browsers have become a lot more then engines to render images and html. Instead, web browsers now execute code and provide rich user interfaces to interact with web services, a technology frequently called “Web 2.0”. What we have not yet figured out is how this new web application paradigm changes how we need to secure these applications.
More code will be executed outside of the server fortress and more data will be exchanged between client and server. We will discuss some of the application security issues that have to be considered and how things have changed and not changed with Web 2.0.
EMEA Audience Webcast: Improve Firewall Security Odds: Prevent Misconfigurations and Compliance Concerns by Automating Firewall Audits
WHEN: Thursday, April 07, 2011 at 9:00 AM ET (1300 UTC/GMT) SPECIAL TIME FOR EMEA AUDIENCE
FEATURING: Michelle Cobb, VP of Marketing, Skybox Security
Are your firewalls configured to block threats and keep you in compliance? Do you spend too much time analyzing firewall rule changes and access problems? Join Michelle Cobb, VP of Product Marketing at Skybox Security to learn what automated firewall analysis can do for your organization.
Internet Storm Center: Threat Update
WHEN: Wednesday, April 13, 2011 at 1:00 PM ET (1700 UTC/GMT)
FEATURING: Johannes Ullrich
Sponsored By: Core Security http://www.coresecurity.com/
This monthly webcast covers recent threats observed by the Internet Storm Center, and discusses new software vulnerabilities or system exposures that were disclosed over the past month. The general format is about 30 minutes of presentation by senior ISC staff, followed by a question and answer period.
Analyst Webcast: Addressing the Top 20 Critical Security Controls with SIEM
WHEN: Thursday, April 14, 2011 at 1:00 PM ET (1700 UTC/GMT)
FEATURING: James Tarala and Ansh Patnaik
Sponsored By: ArcSight, and HP Company http://www.arcsight.com/
In this webcast, the SANS analyst responsible for co-developing the Top
20 guidelines (and current but minor guideline updates), will discuss the development of the Top 20 controls. He will also discuss how SIEM can be applied to some of the key security and compliance challenges government agencies are struggling with.
Register for this webcast and be among the first to receive an advance copy of the associated whitepaper also written by James Tarala.