KRvW Associates, LLC is pleased to announce a partnership with the Saltbush Group. Following recent training for the Department of Education, Employment and Workplace Relations (DEEWR), Ken received the following kind words from one of the students in the class:

"Ken van Wyk runs an up-to-date comprehensive course that I would highly recommend it to anyone in this area.

He presents with years of experience and stories, in a friendly, down-to-earth fashion, adjusting his presentation style to the audience. In the course, he presents a balanced approach and explains the cost-benefits of mitigation controls. He never gets carried away and reminds us of the real goal, which is to serve busines. He doesn't try to push any particular vender, technology or system. Nor does he try to sell you any of his books but he will be glad to sign them if you do.

I learnt a lot and really enjoyed the course. Thanks Ken!"

Good news. We’ve added a 1-day optional addition to our 3-day web application security class.

This optional day includes 3 in-depth coding labs for software developers to fine tune their Java EE skills. The labs include patching existing Java EE code to make it resilient to cross-site scripting (XSS) and SQL injection flaws, as well as adding various role-based access control code to some existing web servlets.

Additionally, in this 1-day add-on, students will get hands-on exposure to a commercial static code analysis tool by analyzing some existing open source Java software.

See our course descriptions for more details, or contact us directly.

By popular demand, we’ve recently added a hands-on 3-day workshop on intrusion detection and prevention systems. See our course descriptions for details.

Our 2009 speaking calendar is taking shape quickly. We have several Q1 commitments already, and several others in the works for Q2 and beyond.

Here’s quick look at some of what we’ll be doing in Q1 and early Q2:

• Ken will be doing a 1-day tutorial on web application security essentials -- inside the OWASP Top-10 -- at ESSoS | International Symposium on Engineering Secure Software and Systems, in Leuven, Belgium, 04-06 February 2009.
• Again for 2009, Ken will be on the faculty for the annual SecAppDev 2009 seminar in Leuven, Belgium, 02-06 March 2009.
• Ken will present a 1/2-day tutorial at SD West 2008, in Santa Clara, California, 09-13 March 2009.

• Ken will be presenting a 3-day in-depth seminar on Intrusion Detection and Prevention for AdAstra, in Singapore, Singapore, 23-25 March 2009.

• Continuing our strong support for Technology Transfer S.r.l., Ken will be teaching an in-depth 3-day seminar on Building Secure Web Applications in Java/J2EE, in Rome, Italy, 27-29 April 2009.
• LATE BREAKING: Ken will be doing a 1-day tutorial on the OWASP Top-10 security issues at AusCERT2009, in Brisbane, Australia, 17-22 May 2009.

If you’re looking for in-depth technical training at your conference or internally at your company, please don’t hesitate to contact us. We’ll gladly work with you to put together a tailored offering that fits perfectly with your needs.

We’ve started this “blog” format page for KRvW-related announcements, upcoming events, etc. Feedback is always welcome.

Ken