This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Bucharest AppSec Conference 2017 Training1"

From OWASP
Jump to: navigation, search
(edit2)
 
(4 intermediate revisions by the same user not shown)
Line 7: Line 7:
 
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description'''
 
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description'''
 
|-
 
|-
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 1 day training <br> 13th of October<br>daily: 9:00 - 17:00<br><br>
+
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 1 day training <br> 11th of October<br>daily: 9:00 - 17:00<br><br>
 
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | OWASP Top 10 vulnerabilities – discover, exploit, remediate<br>
 
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | OWASP Top 10 vulnerabilities – discover, exploit, remediate<br>
  
Line 34: Line 34:
 
'''Seats available: '''20 (first-come, first served)<br>
 
'''Seats available: '''20 (first-come, first served)<br>
 
'''Price: '''400 euros/person <br>
 
'''Price: '''400 euros/person <br>
[https://www.eventbrite.com/e/owasp-bucharest-appsec-conference-2017-tickets-35356670754 Register here]
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 1 day training <br> 13th of October<br>daily: 9:00 - 17:00<br><br>
 
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Time critical DFIR: Key playbooks, techniques and tools for time-pressured investigations of security incidents<br>
 
 
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" |  [https://ro.linkedin.com/in/cteodor Teodor Cimpoesu]
 
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="justify" colspan="0" | '''Description:''' This course provides responders and threat hunting teams with advanced skills to hunt down, identify, counter, and recover from a wide range of threats within enterprise networks.<br>
 
 
Topics:
 
*Use of a wide range of best-of-breed open-source tools to perform incident response and digital forensics
 
*Threat hunting techniques that will aid in quicker identification of breaches
 
*Rapid incident response analysis and breach assessment
 
*Incident response and intrusion forensics methodology
 
*Rapid and deep-dive timeline creation and analysis
 
*Discovery of unknown malware on a system
 
*Cyber-kill chain strategies
 
<br>
 
'''Intended audience:'''Digital Forensic Analysts, IR Team Members, Penetration Testers, Exploit Developers, Red Team members <br>
 
'''Skill level: '''Prior minimum Cybersecurity experience.  <br>
 
'''Requirements:'''This course will contain a hands-on component, so attendees should bring their own laptop with at least 4 GB RAM, i5 processor, 40 GB available storage, virtualization software (VMware Workstation Player).<br>
 
'''Seats available: '''20 (first-come, first served)<br>
 
'''Price: '''500 euros/person <br>
 
 
[https://www.eventbrite.com/e/owasp-bucharest-appsec-conference-2017-tickets-35356670754 Register here]
 
[https://www.eventbrite.com/e/owasp-bucharest-appsec-conference-2017-tickets-35356670754 Register here]
 
|-
 
|-
 
|}
 
|}

Latest revision as of 08:29, 2 October 2017

Training

Time Title Trainers Description
1 day training
11th of October
daily: 9:00 - 17:00

 OWASP Top 10 vulnerabilities – discover, exploit, remediate
 Adrian Furtună – Founder & Ethical Hacker – VirtualStorm Security and
Ionuţ Ambrosie – Security Consultant – KPMG Belgium 		Description: The overall objective of this workshop is to increase the participants’ awareness on the most common web application vulnerabilities and their associated risks.

We will discuss each type of vulnerability described in the OWASP Top 10 project and will teach participants manual discovery and exploitation techniques. Furthermore, a set of useful security testing tools will be introduced during the workshop. This is a hands-on workshop where participants will learn how to:

  • Built a threat model for the target application
  • Perform web app recon
  • Discover SQL injection and exploit it to extract information from the back-end database
  • Find OS command injection and exploit it to execute arbitrary commands on the target server
  • Discover Cross-Site Scripting and exploit it to gain access to another user’s web session
  • Spot XML External Entity vulnerabilities and use them to read arbitrary files from the server
  • Identify Local File Inclusion and exploit it to gain remote command execution
  • Find Cross-Site Request Forgery and exploit it to gain access to the admin panel
  • Detect standard components of web apps containing known vulnerabilities and exploit them

Moreover, we will discuss ways in which security can be better integrated into the software development lifecycle and how the OWASP Top 10 vulnerabilities can be avoided, identified early on or mitigated before they reach production environments.
Intended audience: Web application developers, penetration testers, information security professionals, quality assurance personnel, web security enthusiasts
Skill level: The course assumes basic knowledge about the inner workings of the web and some web programming skills
Requirements:

  • Laptop with a working operating system
  • At least 2 GB of free disk space and at least 2 GB RAM
  • Administrative rights on the laptop
  • VMWare Player installed

Seats available: 20 (first-come, first served)
Price: 400 euros/person
Register here

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Bucharest_AppSec_Conference_2017_Training1&oldid=233963"