This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Bucharest AppSec Conference 2017 Training2"

From OWASP
Jump to: navigation, search
(tr)
 
 
(18 intermediate revisions by the same user not shown)
Line 7: Line 7:
 
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description'''
 
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description'''
 
|-
 
|-
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 2 days training <br> 12th, 13th of October<br>daily: 9:00 - 17:00<br><br>
+
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 2 days training <br> 11th and 12th of October <br> daily: 9:00 - 17:00<br><br>
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Droid-Sec Exploitation<br>
+
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Assessing and securing applications using the OWASP ASVS (Application Security Verification Standard)<br>
  
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" |  [https://in.linkedin.com/in/blessen-thomas-29549614 Thomas Blessen]
+
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" |  Oana Cornea
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="justify" colspan="0" | '''Description:'''<br> The Droid-Sec Exploitation training will enable attendees to master various android application penetration testing techniques and exploitation methods.<br>
+
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="justify" colspan="0" | '''Description:'''<br>  
The training focuses on practical hands-on exercises on several dedicated vulnerable apps, with the basic theory explained prior to the Do-ItYourself mind-bending exercises, enabling the attendee to test his acquired skills during the training.<br>
+
The focus of this training will be on how to build secure applications and how to evaluate them using real world scenarios. The attendees will learn the concepts solving exercises and using various OWASP resources like the OWASP ASVS (Application Security Verification Standard) and the OWASP Testing Guide.
This two-day fast paced brain-melting revamped flag-ship training program will include subjects covered from setting up Android pentest environment, Identifying and exploiting application vulnerabilities in a variety of mobile application architectures, relevant mobile forensics ,malware analysis concepts, and complementary subjects.<br>
+
Topics covered:<br>
'''Intended audience:'''
+
Day 1:
*Android Developers
+
*Architecture design and threat modelling
*Information Security Professionals
+
*Authentication Flaws
*Mobile Application Vulnerability Analyst /Auditors
+
*Session Management Flaws
*Mobility, Mobile Security & Operations Team
+
*Access Control Verification Requirements
*Pen testers and Security professionals interested to get into Android Security <br>
+
*Input Handling and Output Encoding/Escaping
'''Skill level: ''' Basic - Intermediate <br>
+
Day 2:
'''Requirements:'''
+
*Cryptography at Rest
*Students could be familiar with below topics but not mandatory
+
*Error Handling and Logging
*Skill level required is basic
+
*Data Protection Verification
*Common security concepts or common web security issues
+
*Communications Security
*Basic knowledge of the Linux OS and network security basics
+
*Business Logic Verification Requirements
 +
*Files and Resources
 +
*Mobile Security
 +
*Web Service Security
 +
<br>
 +
'''Intended audience:''' This training is suitable for developers, quality assurance, code reviewers and penetration testers<br>
 +
'''Skill level: ''' Beginner - intermediate <br>
 +
'''Requirements: Basic web knowledge; laptop with at least 4GB RAM and virtualization software (VMware Workstation Player).'''
 
<br>
 
<br>
 
'''Seats available: '''20 (first-come, first served)<br>
 
'''Seats available: '''20 (first-come, first served)<br>
'''Price: '''800 euros/person <br>
+
'''Price: 400 euros/person'''<br>
 
[https://www.eventbrite.com/e/owasp-bucharest-appsec-conference-2017-tickets-35356670754 Register here]
 
[https://www.eventbrite.com/e/owasp-bucharest-appsec-conference-2017-tickets-35356670754 Register here]
|-
 
 
|}
 
|}

Latest revision as of 08:29, 2 October 2017

Training

Time Title Trainers Description
2 days training
11th and 12th of October
daily: 9:00 - 17:00

 Assessing and securing applications using the OWASP ASVS (Application Security Verification Standard)
 Oana Cornea Description:

The focus of this training will be on how to build secure applications and how to evaluate them using real world scenarios. The attendees will learn the concepts solving exercises and using various OWASP resources like the OWASP ASVS (Application Security Verification Standard) and the OWASP Testing Guide. Topics covered:
Day 1:

  • Architecture design and threat modelling
  • Authentication Flaws
  • Session Management Flaws
  • Access Control Verification Requirements
  • Input Handling and Output Encoding/Escaping

Day 2:

  • Cryptography at Rest
  • Error Handling and Logging
  • Data Protection Verification
  • Communications Security
  • Business Logic Verification Requirements
  • Files and Resources
  • Mobile Security
  • Web Service Security


Intended audience: This training is suitable for developers, quality assurance, code reviewers and penetration testers
Skill level: Beginner - intermediate
Requirements: Basic web knowledge; laptop with at least 4GB RAM and virtualization software (VMware Workstation Player).
Seats available: 20 (first-come, first served)
Price: 400 euros/person
Register here

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Bucharest_AppSec_Conference_2017_Training2&oldid=233964"