SANS Network Security 2008

I don't want to come off like a fan boy, but I've been taking training in the information technology arena for more than a dozen years and from a variety of different sources. SANS is better than any other organization I've trained with. In the interest of full-disclosure, I have participated in SANS' Mentor program, but am not an employee nor do I have any affiliation beyond that.

I am currently in Las Vegas at Network Security 2008 attending Web Application Penetration Testing In-Depth developed and taught by Kevin Johnson of InGuardians, developer of BASE, Samurai and many other Open Source projects.

I wasn't sure I should take the course. I've been doing web app pen tests for a while. By no means am I an expert and I don't claim to know all there is to know, but I wasn't sure I would get enough from the course to make it worth my while. I'd say on a scale of one to five, five being an expert, I'm probably almost a four. You should know that one of my many flaws is that I consistently underestimate my abilities.

Day one didn't teach me very many new things about web application pen testing, but there were a few nuggets. However, based on day one, I am confident that over the next three days I will pick up many great insights that make me more effective.

Johnson has put a tremendous effort into the course materials and he may be the best instructor I've ever had. He has a very friendly and knowledgeable approach. He's clearly a subject matter expert, but he has the right amount of self-effacing humor.

Based on what I've seen thus far, being in this course is going to have two great benefits. I will learn to be a better web app pen tester and will learn how to improve my teaching skills.