This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Bucharest AppSec Conference 2017 Training2"

From OWASP
Jump to: navigation, search
 
(11 intermediate revisions by the same user not shown)
Line 36: Line 36:
 
'''Seats available: '''20 (first-come, first served)<br>
 
'''Seats available: '''20 (first-come, first served)<br>
 
'''Price: 400 euros/person'''<br>
 
'''Price: 400 euros/person'''<br>
[https://www.eventbrite.com/e/owasp-bucharest-appsec-conference-2017-tickets-35356670754 Register here]
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 2 days training <br> 11th and 12th of October <br> daily: 9:00 - 17:00<br><br>
 
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Advanced Mobile Security Training<br>
 
 
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Nikhil P Kulkarni and Ravi Kumar
 
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="justify" colspan="0" | '''Description:'''<br>
 
The knowledge of Mobile Security, especially Android has become essential in securing today’s digital environment. This workshop is developed to introduce and bring hands on experience of the exciting and growing field of Android Pentesting and its Security Essentials.<br>
 
Upon completing this course, the participants are expected to:
 
* Gain a set of techniques focused on the use of vendor-neutral, open source tools, Develop the skills to capture suspicious data.
 
* Discern unusual patterns hidden within seemingly normal applications.
 
* Understand the basics of Android Security Architecture.
 
* Get trained enough to start into Mobile Pentesting as the new generation Mobile Security Researcher.
 
* Get prepared for active research at the forefront of these areas.
 
Throughout the course, real-world examples in conjunction with numerous hands-on exercises will provide android pentesting & analysis skills.<br>
 
Outline: Android Security
 
* Module 1
 
*# Intro to Android
 
*# Android Security Architecture
 
*# Android application structure
 
*# Signing Android applications
 
*# Android Debug Bridge
 
*# Understanding Android file system
 
*# Permission Model Flaws
 
 
* Module 2
 
*# Understanding Android Components
 
*# Introducing Android Emulator
 
*# Introducing Android AVD
 
 
* Module 3
 
*# Proxying Android Traffic
 
*# Reverse Engineering for Android Apps
 
*# Dex Analysis and Obfuscation
 
 
* Module 4
 
*# Attack Surfaces for Android applications
 
*# Exploiting Local Storage
 
*# Exploiting Weak Cryptography
 
*# Exploiting Side Channel Data Leakage
 
*# Root Detection and Bypass
 
*# Exploiting Weak Authorization mechanism
 
*# Identifying and Exploiting Flawed Broadcast Receivers
 
*# Identifying and Exploiting Flawed Intents
 
*# Identifying and Exploiting Vulnerable Activity Components
 
*# Exploiting Backup and Debuggable apps
 
*# Dynamic Analysis for Android Apps
 
*# Analyzing Proguard, DexGuard and other Obfuscation Techniques
 
<br>
 
'''Intended audience:''' This workshop is essential to information security, mobile security & risk management, loss prevention, corporate security and law enforcement personnel interested in Mobile Security. e.g. Security professionals, who possess basic general security knowledge. Personnel who have working knowledge of android security and pentesting and want to gain experience in the end-to-end mobile security process can attend this training.<br>
 
'''Skill level: ''' intermmediate - advanced<br>
 
'''Requirements: Attendees must bring their laptop (with administrative privileges) to run all the tools and software. The laptop should atleast have 6 GB RAM and 100 GB of Hard Disk Space. The Laptop must have Java, VirtualBox, PuTTY pre-installed.'''
 
<br>
 
'''Seats available: '''20 (first-come, first served)<br>
 
'''Price: 1000 euros/person'''<br>
 
 
[https://www.eventbrite.com/e/owasp-bucharest-appsec-conference-2017-tickets-35356670754 Register here]
 
[https://www.eventbrite.com/e/owasp-bucharest-appsec-conference-2017-tickets-35356670754 Register here]
 
|}
 
|}

Latest revision as of 08:29, 2 October 2017

Training

Time Title Trainers Description
2 days training
11th and 12th of October
daily: 9:00 - 17:00

 Assessing and securing applications using the OWASP ASVS (Application Security Verification Standard)
 Oana Cornea Description:

The focus of this training will be on how to build secure applications and how to evaluate them using real world scenarios. The attendees will learn the concepts solving exercises and using various OWASP resources like the OWASP ASVS (Application Security Verification Standard) and the OWASP Testing Guide. Topics covered:
Day 1:

  • Architecture design and threat modelling
  • Authentication Flaws
  • Session Management Flaws
  • Access Control Verification Requirements
  • Input Handling and Output Encoding/Escaping

Day 2:

  • Cryptography at Rest
  • Error Handling and Logging
  • Data Protection Verification
  • Communications Security
  • Business Logic Verification Requirements
  • Files and Resources
  • Mobile Security
  • Web Service Security


Intended audience: This training is suitable for developers, quality assurance, code reviewers and penetration testers
Skill level: Beginner - intermediate
Requirements: Basic web knowledge; laptop with at least 4GB RAM and virtualization software (VMware Workstation Player).
Seats available: 20 (first-come, first served)
Price: 400 euros/person
Register here

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Bucharest_AppSec_Conference_2017_Training2&oldid=233964"