OWASP Bucharest AppSec Conference 2018 Training2 - Revision history

Oana Cornea at 09:00, 16 October 2018

2018-10-16T09:00:37Z

RB: Fix typos for the Advanced Web Hacking and Secure Coding

2018-09-16T08:10:52Z

Fix typos for the Advanced Web Hacking and Secure Coding

Oana Cornea: edit6

2018-09-05T17:42:32Z

edit6

Oana Cornea at 19:29, 8 August 2018

2018-08-08T19:29:13Z

Oana Cornea: edit6

2018-08-08T19:28:27Z

edit6

Oana Cornea at 16:33, 29 July 2018

2018-07-29T16:33:26Z

Oana Cornea: Created page with "{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="4" | style="width:100%" valign="middle" height..."

2018-07-09T17:52:14Z

Created page with "{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="4" | style="width:100%" valign="middle" height..."

New page

{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="4"
| style="width:100%" valign="middle" height="40" bgcolor="#CCCCEE" align="center" colspan="6" | <h2>Training </h2>
|-
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Time'''
| style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Title'''
| style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Trainers'''
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description'''
|-
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 2 days training 25th and 26th of October daily: 9:00 - 17:00 
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" |
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" |
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="justify" colspan="0" | '''Description:''' 
Topics covered: 
Day 1:
*
*
Day 2:
*
*
 
'''Intended audience:''' 
'''Skill level: ''' 
'''Requirements: '''
 
'''Seats available: '''20 (first-come, first served) 
'''Price: 400 euros/person''' 
[ Register here]
|}

@@ Line 6: / Line 6: @@
 | colspan="0" style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" | '''Trainers'''
 | colspan="0" style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" | '''Description'''
 |-
 | colspan="0" style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" | 2 days training <br> 24th and 25th of October <br> daily: 9:00 - 17:00<br><br>

@@ Line 1: / Line 1: @@
-{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="4"
+{| style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="4"
-| style="width:100%" valign="middle" height="40" bgcolor="#CCCCEE" align="center" colspan="6" | <h2>Training </h2>
+| colspan="6" style="width:100%" valign="middle" height="40" bgcolor="#CCCCEE" align="center" | <h2>Training </h2>
 |-
-| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" |  '''Time'''
+| colspan="0" style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" |  '''Time'''
-| style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Title'''
+| colspan="0" style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" | '''Title'''
-| style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Trainers'''
+| colspan="0" style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" | '''Trainers'''
-| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description'''
+| colspan="0" style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" | '''Description'''
 |-
-| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 2 days training <br> 24th and 25th of October <br> daily: 9:00 - 17:00<br><br>
+| colspan="0" style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" | 2 days training <br> 24th and 25th of October <br> daily: 9:00 - 17:00<br><br>
-| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Secure Web Applications in Java
+| colspan="0" style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" | Secure Web Applications in Java
-| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | [http://ro.linkedin.com/in/scrissti Cristian Serban] and [https://ro.linkedin.com/in/luciansuta Lucian Suta]
+| colspan="0" style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" | [http://ro.linkedin.com/in/scrissti Cristian Serban] and [https://ro.linkedin.com/in/luciansuta Lucian Suta]
-| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="justify" colspan="0" | '''Description:''' <br>Everybody is familiar with OWASP Top 10, but how is that applicable when you write Java web applications and web services using the Spring Framework? In this course we will look at the security features built into this commonly-used Java framework, how security holes in your application look from the point of view of a hacker, and how to apply security principles such as ‘defense in depth’ in order to build robust applications. Together we will build a web application in stages, adding successive layers of functionality and security, and in the process we will develop secure coding testing skills, uncover and protect against some of the most common vulnerabilities in Java code.
+| colspan="0" style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="justify" | '''Description:''' <br>Everybody is familiar with OWASP Top 10, but how is that applicable when you write Java web applications and web services using the Spring Framework? In this course we will look at the security features built into this commonly-used Java framework, how security holes in your application look from the point of view of a hacker, and how to apply security principles such as ‘defense in depth’ in order to build robust applications. Together we will build a web application in stages, adding successive layers of functionality and security, and in the process we will develop secure coding testing skills, uncover and protect against some of the most common vulnerabilities in Java code.
 Topics covered:
 Day 1:
@@ Line 25: / Line 25: @@
 [https://www.eventbrite.com/e/owasp-bucharest-appsec-conference-2018-tickets-47960216298#tickets Register here]
 |-
-| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 2 days training <br> 24th and 25th of October <br> daily: 9:00 - 17:00<br><br>
+| colspan="0" style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" | 2 days training <br> 24th and 25th of October <br> daily: 9:00 - 17:00<br><br>
-| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Advanced Web Hacking and Secure Coding
+| colspan="0" style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" | Advanced Web Hacking and Secure Coding
-| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | [https://in.linkedin.com/in/vikramsalunke20 Vikram Salunke]
+| colspan="0" style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" | [https://in.linkedin.com/in/vikramsalunke20 Vikram Salunke]
-| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="justify" colspan="0" | '''Description:'''Web application are becoming more complex and targets are become more hardened to penetrate. Now a days Load Balancers, Web Application Firewalls (WAF) are very common in infrastructure. So, as a pentester we should improve our skills to defeat modern access controls mechanisms. <br>
+| colspan="0" style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="justify" | '''Description:''' Web applications are becoming more complex and targets are become more hardened to penetrate. Nowadays Load Balancers, Web Application Firewalls (WAF) are very common in infrastructure. So, as a pentester, we should improve our skills to defeat modern access controls mechanisms. <br>
 This hands-on training covers both offensive and defensive approaches to web applications. You’ll learn how to identify vulnerabilities of web applications, how to execute exploit against that vulnerability, how the attacks works, and how to prevent them in the future. This training closes that gap between web application attack and defense. Because as they say - if you want to stop attacker from stealing you data then you must think like one.<br>
-This training starts with the basic web app hacking and then move into more advanced stuff such as bypassing Filters, bypassing Web Application Firewalls(WAF), HTML5 attacks and recent vulnerabilities such as Shellshock, Heartbleed, POODLE, Serialization, SSL Strip etc. You’ll learn how to get shell on the box using web application vulnerabilities as well as how to write secure code so you can avoid that attack.<br>
+This training starts with the basic web app hacking and then moves into more advanced stuff such as bypassing Filters, bypassing Web Application Firewalls(WAF), HTML5 attacks and recent vulnerabilities such as Shellshock, Heartbleed, POODLE, Serialization, SSL Strip etc. You’ll learn how to get shell on the box using web application vulnerabilities as well as how to write secure code so you can avoid that attack.<br>
-This training covers both offensive and defensive approach towards web applications. Firstly training would cover how to use certain attack on web application and then how does this attack happened. So it covers where the developer went wrong and how to write secure code so that the attack would not have happened. It covers various mistakes made by developers and wrote vulnerable code. This training covers how to write secure code in multiple languages such as PHP, Java, C# etc. Lab contains multiple CMS such as Wordpress, Drupal, Joomla and multiple databases such as MySql, SQL Server, MongoDB etc. . Also training contains various client side attacks as well as server side attacks such as XSS, CSRF, SQL Injections etc. <br>
+This training covers both offensive and defensive approach towards web applications. Firstly, the training would cover how to use certain attack on a web application and then how does this attack happened. So it covers where the developer went wrong and how to write secure code, so that the attack would not have happened. It covers various mistakes made by developers who wrote vulnerable code. This training covers how to write secure code in multiple languages such as PHP, Java, C# etc. Lab contains multiple CMS such as Wordpress, Drupal, Joomla and multiple databases such as MySql, SQL Server, MongoDB etc. Also, the training contains various client side attacks as well as server side attacks such as XSS, CSRF, SQL Injections etc. <br>
 Training will teach attendees how to gain shell on the box and how to chain multiple attacks to pwn the entire infrastructure. Training follows Capture The Flag (CTF) approach to attack web applications and compromise the machines. <br>
 After this training, attendees will be able to successfully identify and avoid insecure code and test their web applications for vulnerabilities. Attendees will get to know the difference between vulnerable code and secure code. <br>
@@ Line 83: / Line 83: @@
 * Reading and understanding of PHP
 '''Seats available:	'''20 (first-come, first served)<br>
-'''Price: 650 euros/person'''<br>
+'''Price: 650 Euro / person'''<br>
 [https://www.eventbrite.com/e/owasp-bucharest-appsec-conference-2018-tickets-47960216298#tickets Register here]
 |}

@@ Line 21: / Line 21: @@
 '''Requirements: '''laptop, JDK 8+, Maven, ZAP, GIT, some text editor such as Visual Studio Code
 <br>
 '''Seats available:	'''20 (first-come, first served)<br>
 '''Price: 650 euros/person'''<br>
 [https://www.eventbrite.com/e/owasp-bucharest-appsec-conference-2018-tickets-47960216298#tickets Register here]
 |}

@@ Line 10: / Line 10: @@
 | style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Secure Web Applications in Java
 | style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | [http://ro.linkedin.com/in/scrissti Cristian Serban] and [https://ro.linkedin.com/in/luciansuta Lucian Suta]
-| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="justify" colspan="0" | '''Description:''' Everybody is familiar with OWASP Top 10, but how is that applicable when you write Java web applications and web services using the Spring Framework? In this course we will look at the security features built into this commonly-used Java framework, how security holes in your application look from the point of view of a hacker, and how to apply security principles such as ‘defense in depth’ in order to build robust applications. Together we will build a web application in stages, adding successive layers of functionality and security, and in the process we will develop secure coding testing skills, uncover and protect against some of the most common vulnerabilities in Java code.
+| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="justify" colspan="0" | '''Description:''' <br>Everybody is familiar with OWASP Top 10, but how is that applicable when you write Java web applications and web services using the Spring Framework? In this course we will look at the security features built into this commonly-used Java framework, how security holes in your application look from the point of view of a hacker, and how to apply security principles such as ‘defense in depth’ in order to build robust applications. Together we will build a web application in stages, adding successive layers of functionality and security, and in the process we will develop secure coding testing skills, uncover and protect against some of the most common vulnerabilities in Java code.
 Topics covered:
 Day 1:
@@ Line 16: / Line 16: @@
 Day 2:
 * Remember me functionality, LDAP login, OAuth 2.0 login, custom authentication, CORS, SSL, self-signed certificates, Let’s Encrypt, hashing, encryption
 <br>
-'''Intended audience:''' <br>
+'''Intended audience:''' software developers, security people with some programming experience<br>
-'''Skill level:	'''<br>
+'''Skill level:	'''HTTP (intermediate), Java programming (intermediate)<br>
-'''Requirements: '''
+'''Requirements: '''laptop, JDK 8+, Maven, ZAP, GIT, some text editor such as Visual Studio Code
 <br>
 '''Seats available:	'''20 (first-come, first served)<br>

@@ Line 7: / Line 7: @@
 | style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description'''
 |-
-| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 2 days training <br> 25th and 26th of October <br> daily: 9:00 - 17:00<br><br>
+| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 2 days training <br> 24th and 25th of October <br> daily: 9:00 - 17:00<br><br>
-| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" |
+| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Secure Web Applications in Java
-| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" |
+| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | [http://ro.linkedin.com/in/scrissti Cristian Serban] and [https://ro.linkedin.com/in/luciansuta Lucian Suta]
-| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="justify" colspan="0" | '''Description:'''<br>
+| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="justify" colspan="0" | '''Description:''' Everybody is familiar with OWASP Top 10, but how is that applicable when you write Java web applications and web services using the Spring Framework? In this course we will look at the security features built into this commonly-used Java framework, how security holes in your application look from the point of view of a hacker, and how to apply security principles such as ‘defense in depth’ in order to build robust applications. Together we will build a web application in stages, adding successive layers of functionality and security, and in the process we will develop secure coding testing skills, uncover and protect against some of the most common vulnerabilities in Java code.
-Topics covered:<br>
+Topics covered:
 Day 1:
+* Simple REST API, database access, subresource integrity, CSP, parameter validation, output encoding, form-based login, access control, method security, CSRF
 Day 2:
+* Remember me functionality, LDAP login, OAuth 2.0 login, custom authentication, CORS, SSL, self-signed certificates, Let’s Encrypt, hashing, encryption
-−
 <br>
 '''Intended audience:''' <br>
@@ Line 25: / Line 24: @@
 '''Seats available:	'''20 (first-come, first served)<br>
 '''Price: 650 euros/person'''<br>
-[ Register here]
+[https://www.eventbrite.com/e/owasp-bucharest-appsec-conference-2018-tickets-47960216298#tickets Register here]
 |}