Difference between revisions of "OWASP Bucharest AppSec Conference 2018 Workshops"

Line 7: Line 7:
 
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description'''
 
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description'''
 
|-
 
|-
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Workshop <br> 25th of October<br> '''4 hours:'''<br>begins at 10:00 <br>''' '''<br>
+
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Workshop <br> 25th of October<br> '''3,5 hours:'''<br>begins at 09:00 <br>''' '''<br>
 
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Automated CI Pipelines using ZAP, Docker and static code analysis
 
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Automated CI Pipelines using ZAP, Docker and static code analysis
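Review bot: In the changed time cell, "3,5 hours" uses a decimal comma on an otherwise English page; write "3.5 hours" or "3 hours 30 minutes". Since both the start time and the duration change here, stating the end time in the cell would make the new slot unambiguous.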
  
Line 26: Line 26:
 
'''Seats available: '''20 (first-come, first served)<br>
 
'''Seats available: '''20 (first-come, first served)<br>
 
'''Price: '''free <br>
 
'''Price: '''free <br>
[ Register here]
+
[https://www.eventbrite.com/e/owasp-bucharest-appsec-conference-2018-tickets-47960216298 Register here]
 
|-
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Workshop <br> 25th of October<br><br> '''3 hours:'''<br>begins at 13:30 <br>''' '''<br>
 
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Workshop <br> 25th of October<br><br> '''3 hours:'''<br>begins at 13:30 <br>''' '''<br>
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br>
+
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | OAuth and OpenID Connect best practices<br>
  
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" |  
+
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | [https://www.linkedin.com/in/johanpeeters Johan Peeters]
 
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="justify" colspan="0" | '''Description:'''
 
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="justify" colspan="0" | '''Description:'''
 
'''Intended audience:''' <br>
 
'''Intended audience:''' <br>
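Review bot: The 13:30 row now gets a title and a trainer, but the '''Description:''' and '''Intended audience:''' fields in the same row are still empty, so the published table will show bare labels next to "OAuth and OpenID Connect best practices". Fill them in with this change, or mark them as to be announced until the abstract is available.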
Line 41: Line 41:
 
'''Seats available:'''<br>
 
'''Seats available:'''<br>
 
'''Price: '''free <br>
 
'''Price: '''free <br>
[Register here]
+
[https://www.eventbrite.com/e/owasp-bucharest-appsec-conference-2018-tickets-47960216298Register here]
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Workshop <br> 25th of October<br> '''3 hours:'''<br>begins at 9:30 <br>''' '''<br>
 
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | <br>
 
 
 
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" |
 
| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="justify" colspan="0" | '''Description:'''<br>
 
'''Prerequisites:'''
 
*
 
*
 
*
 
'''Software Requirements:'''
 
*
 
*
 
'''Seats available: '''<br>
 
'''Price: '''free <br>
 
[Register here]
 
 
|}
 
|}
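Review bot: The new register link has no space between the URL and its label ("...47960216298Register here]"), so MediaWiki will take "Register" as part of the URL, show only "here" as the link text and point at the wrong address. Insert a space before "Register", as in the first workshop's link. The 9:30 row after it also has empty title, trainer and description cells, empty bullet items and a "[Register here]" with no URL, which will render as literal text; leave that template row out until there is content for it.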

Revision as of 17:21, 16 August 2018

Workshop

Time Title Trainers Description
Workshop
25th of October
3,5 hours:
begins at 09:00

Automated CI Pipelines using ZAP, Docker and static code analysis
Spyros Gasteratos
Description: In this workshop we will go through customizing ZAP's Docker images and some static code analysis scripts to work with GitLab CI so that it automatically tests the deployed web application.

Moreover, we will write an example ZAP orchestration script to better test specific parts of the example application.
Last, we will create Docker containers of two static code analysis scripts so that we can easily integrate them into the CI pipeline.
We will go through:

  • Configuring GitLab CI to work with ZAP.
  • Configuring the testing harness to work with ZAP.
  • Writing orchestration scripts to better test specific parts of the application.
  • Packaging extra tooling so that we can better test the committed codebase.

At the end of the workshop the attendees will have example configuration files, orchestration scripts, rules and Dockerfiles for all tools used.
Intended audience: security engineers, developers, pentesters
Skill level: beginner - intermediate
Requirements: a laptop with VirtualBox installed
Seats available: 20 (first-come, first-served)
Price: free
Register here

Workshop
25th of October

3 hours:
begins at 13:30

OAuth and OpenID Connect best practices
Johan Peeters
Description:

Intended audience:
Skill level:
Requirements:

Seats available:
Price: free
here