The Austin Project
Have you ever just wanted to sit in a small room with a few like-minded professionals and get some tough questions answered? Ever wanted the right ammunition to tackle the tough web application security issues on your plate? Welcome to The Austin Project. Welcome home.
Overview: The Austin Project is similar to a retreat environment, where the participants will engage in total immersion into the subject matter. Our goal is to engage you in a small group of like-minded individuals and through collaborative learning, bring the collective understanding of the group to the next level. The specific subject matter will include web application security fundamentals, architecture, and design.
The Austin Project is an invitation-only event for current and future security thought leaders, aimed at spawning an ongoing collaborative think-tank environment and offering lasting collaborative resources for all participants. Participants can expect to leave this event with new and enhanced skill sets that can benefit them and their employers.
Location: Austin, Texas. Austin is green and hilly, with lakes and rivers surrounding and winding through much of the city. The participants will be staying downtown near the infamous local nightlife of Sixth Street.
Agenda: There is no set agenda for the class, as it is in fact closer to a think tank than a class, where each individual will be responsible for contributing to the ongoing knowledge of each other individual. The participants will collectively decide, both prior to and during the five days, what they would like to talk about regarding web application security and surrounding disciplines. It will be a chance to ask tough questions, both of us and of your peers - especially around architecture and secure website design. Do you have a tough business/technology problem that you can't seem to solve? Bring it with you! This is your chance to get your questions, no matter how big or small, answered in a collaborative team environment. Topics may include:
- Common vulnerabilities (XSS, SQL Injection, RFI, etc...)
- Filter evasion (IDS/IPS, regex, etc...)
- Automated scanners (pros, cons and gotchas)
- Robots (detection/analysis)
- Secure flows (sign-in, registration, change password/secret question, user to user communication, etc...)
- Inter protocol hacking
- Intranet application security
- API security
- Advanced authentication issues (tiered, single sign on, multi-enterprise, 2nd factor, etc...)
- Password security and alternatives to password authentication
- Breaking snake oil security and picking good vendors
- Network architecture for supporting external and intranet web applications
- Mobile security in web applications
- Secure database design
- Building scalable and efficient applications and web pages
- Responding to and prioritizing security issues
- Search engine optimization
- Evaluating a network for flaws (auditing tricks, problems and gotchas)
- Compliance
- Productizing security
- IPv4 - IPv6 web application issues
- DHTML and JavaScript/AJAX security
- Globalization/localization issues/conversions
- Host based security controls
- Next generation user tracking
- Alternate attack points
- Secure logging
- Browser security
- Fraud metrics and controls
- Security methodology
- Etc...
The actual format of the class and topics covered will vary depending on the interests of the class participants. These are only a sample of potential items and by no means represent everything that can be discussed, depending on the interests and skill level of the participants.
Class size: There is a maximum of 5 participants total for each class. More classes can be scheduled at a later date to accommodate additional need.
Requirements: Why are there requirements for a class? Because this isn't your normal show-up, take-notes-and-leave type of class. We can get you in touch with people who do this sort of training, if needed. Instead we are focusing entirely on high-impact learning in an intimate environment for people who want to learn from Robert Hansen specifically. Participants will have assignments prior to arrival and will work together to solve problems that plague them and their company. Therefore, here are the requirements:
- No cell phones or computers allowed in the class. It's distracting. Free time during lunch and breaks will be provided if needed to catch up. We've looked at both formats and the absence of distraction definitely aids in people's learning and attention.
- Participants must be fun people. There will be mandatory social time after the classes so that participants can get to know each other better. A good practitioner knows how to socialize with their peers and their executives. This isn't optional. The goal of the social hour is to provide the participants with a small tight-knit team who they can rely on after the class is over, and socializing is instrumental to that goal.
- Participants must sign a non-disclosure agreement. Everything that happens in the class stays in the class unless all participants agree otherwise. This will enable the class to speak freely amongst themselves. That said, there will be takeaways and things that can be shared externally with your executive management, if requested.
- Participants must provide a resume beforehand, with their application, so that the class can be tailored to their needs. Sensitive information can be removed, but the more information you provide, the better we can coordinate people's skills and abilities into a more cohesive team.
- Participants must provide a list of items that they specifically want covered. This will enable us to tailor the class specifically to you and the other four participants. That way it stays relevant and on topic for the entire week.
- Participants must have at least two years of relevant experience to get anything out of this class. We don't need expert skill level, but participants should be comfortable with website design concepts and related technologies.
Cost: $6,500 US (non-refundable)
Included:
- Hotel for 5 nights
- Lunches and dinners
- Transportation between the hotel and the classroom
- Learning materials
- Certificate of completion
Teacher: Robert Hansen has worked in web application security for over a decade, and is considered one of the leading experts in the field. He has presented at numerous security conventions, co-authored a book and is in every way passionate about the field of Internet security.
Goals: Participants should be able to walk out of the class having answered any specific questions asked or covered during the week. The goal is to take above-average people who are seeking to dramatically improve their skill and drive them to being experts in their field. Additionally, the participants will be encouraged to continue to communicate after the class has concluded to ensure a tight-knit, self-sufficient, collaborative team that can continue to work through problems.
Dates: Dates will be scheduled around the individual participants' needs.
Interested? Send us an inquiry and we will begin the process of scheduling a class.