A friend of mine, Damon (@dacort), recently put together a formal class to illustrate some of the vulnerabilities he’s found.
This class was geared more towards PHP and Rails rather than a sort of ‘introduction to personal security’, and went over things like cross-site scripting, cross-site request forgery, SQL injection, and using really neat tools that I didn’t know about to enumerate databases behind vulnerable web apps.
REALLY REALLY neat stuff. If you’ve been to any of my talks, you should watch Damon’s.
He can be found over at startupsecurity.info.
StartPad Countdown 2 – Startup Security: Hacking and Compliance in a Web 2.0 World