General Discussions

#1 (permalink)

Hello there,

Our company is planning a new venture under which we are developing a ethical hacking training course. Im not here to sell you any product, just need your feedback on a few questions.

NASSCOM has predicted a demand of 188,000 Security professionals by 2008.

Would you be interested in learning about Information Security & Ethical Hacking through professional Distance Learning courses to make a career in the field? The course will be accredited by a couple of international organisations.

Also, How much do you think should be the price for a distance learning program which teaches you ethical hacking?

Your feedback is highly appreciated.

#2 (permalink)

Well, for starters, what are you applying the term "ethical hacking" to? Reverse engineering a file format so you can support it and make your users happy? DNS poisoning? Tinkering around with things on your own computer to see how the pieces fit together? Hacking covers a pretty broad range of activities, and on top of that, different people have wildly different ideas of what ethical means. So "ethical hacking" really doesn't mean anything at all - to give you any advice, we need to know what you mean by that term.

And as far as what should you charge, what will you teach your students to do?

#3 (permalink)

The course covers almost everything related to hacking. From Footprinting to SQL Injection, Google hacking to Social engineering, DNS poisioning, Brute force etc.

After doing the course, one will have to complete an online exam aswell. As I said above the course is accredited by international organisations.

It is quite a big venture we are starting, funded by a venture capitalist.
The R&D Team which is developing the project cosists of 11 members who have on average around 8-9 years of experience. The Virtual Classroom programme is being developed since November Last year. Out of these 11 people, 4 are from IIT and one is from MIT as far as I know.

#4 (permalink)

I think that's a dangerous idea.

"I'm going to give you a gun, show you where on the human body you can aim it to kill people, and then tell you not to shoot it at anyone but let them know that they're vulnerable."

Sooner or later, someone's going to use the knowledge you give them (assuming it's good knowledge) for evil rather than good. It's a matter of when, not if.

I'd like the idea if the people using it could be trusted. We no longer live in a society where that's possible, though.

__________________

Please login or register to view this content. Registration is FREE
|
Please login or register to view this content. Registration is FREE
(my blog)


Please login or register to view this content. Registration is FREE
(with proof)

#5 (permalink)

Youve made a valid point and we have though about it before developing the course. Please keep in mind we are teaching ethical hacking. The course lays emphasis on only thinking like a hacker and saving your computers or network.

Most of the people doing the course would be either already professionals or future professionals, so I really dont think they will misue the information.

#6 (permalink)

I think that you mised it.

#7 (permalink)

I agree you can never be sure of what a person does with the knowledge he has. But as I said above, The course is made from the point of view of protecting a network or server. It is more sort of job oriented. Yes, some part of the information can be misused too but its like knowing how to use a gun. Cops use it and thieves too. Moreover, there are many other course which are even more dangerous but you cannot help it.

The course aims at creating Information security professionals. Information Security for corporates is very important and you have to teach such stuff otherwise if they do not have the knowledge, they would be helpless against the actual bad guys.

Infact, the first chapter/topic of the course is 'Legality'.

#8 (permalink)

The main job of ethical hackers is to do penetration testing.
Its more like "You know how to use a gun, you find the weak points in your own body where someone can shoot you and then shielding those points."

#9 (permalink)

These "qualifications" aren't taken seriously by employers.

It sounds like typical script kiddy stuff. Employers want Linux/SQL/PHP gurus, Not someone who has seen an example of an SQL injection, Can copy and paste it and still doesn't know what causes it or how to protect against it.

__________________

#10 (permalink)

Well it depends upon employer to employer but as per our industry interaction commitee, its the qulifications which counts. Im taking about MNCs here. Offcourse, the qualification has to be a good one too. CEH can be taken for example.

Just like every professional course, we will be doing the in-depth study about every subject. Importance would be laid on practicals but at the same time, theory plays an important part too. Say for SQL injection, we will also be studying, how the vulnerability works, how can one protect it, input validation etc.

I guess it will be better to develop a demo of the course which features some part of the real course to actully show what the course is.

#11 (permalink)

The best way to defend against a SQL Injection is to use stored procedures which take all input as parameters, so that the right input can't change the meaning of a generated query. Input validation isn't really a great way to go here. It leaves you vulnerable to things you didn't imagine, takes extra work, and doesn't have a lot of the other befits that come with procs. Client-scripting the validation can save network traffic, but also relies on javascript on the client.

How will you select students? Will you take anyone who can pay, or will you be selective, like a college?

Personally, I see a lot of value in studying how systems are broken, and how to mitigate problems.

__________________

Please login or register to view this content. Registration is FREE
|
Please login or register to view this content. Registration is FREE
|
Please login or register to view this content. Registration is FREE

#12 (permalink)

Well Im not the technical guy but the course is really in-depth and Im sure it will have all the provisions.

There are two options -
1. People who are already professionals and have proof of experience.
2. Interview for people who want to be professionals in the field.

It may not be a good idea to implement client end scripting since it is highly vulnerable. The user can very well change/remove the code.