Difference between revisions of "OWASP Bucharest AppSec Conference 2017 Training1"

Revision as of 18:10, 31 July 2017

Training
Time	Title	Trainers	Description
1 day training 13th of October daily: 9:00 - 17:00	OWASP Top 10 vulnerabilities – discover, exploit, remediate	Adrian Furtună – Founder & Ethical Hacker – VirtualStorm Security and Ionuţ Ambrosie – Security Consultant – KPMG Belgium	Description: The overall objective of this workshop is to increase the participants’ awareness on the most common web application vulnerabilities and their associated risks. We will discuss each type of vulnerability described in the OWASP Top 10 project and will teach participants manual discovery and exploitation techniques. Furthermore, a set of useful security testing tools will be introduced during the workshop. This is a hands-on workshop where participants will learn how to: Built a threat model for the target application Perform web app recon Discover SQL injection and exploit it to extract information from the back-end database Find OS command injection and exploit it to execute arbitrary commands on the target server Discover Cross-Site Scripting and exploit it to gain access to another user’s web session Spot XML External Entity vulnerabilities and use them to read arbitrary files from the server Identify Local File Inclusion and exploit it to gain remote command execution Find Cross-Site Request Forgery and exploit it to gain access to the admin panel Detect standard components of web apps containing known vulnerabilities and exploit them Moreover, we will discuss ways in which security can be better integrated into the software development lifecycle and how the OWASP Top 10 vulnerabilities can be avoided, identified early on or mitigated before they reach production environments. Intended audience: Web application developers, penetration testers, information security professionals, quality assurance personnel, web security enthusiasts Skill level: The course assumes basic knowledge about the inner workings of the web and some web programming skills Requirements: Laptop with a working operating system At least 2 GB of free disk space and at least 2 GB RAM Administrative rights on the laptop VMWare Player installed Seats available: 20 (first-come, first served) Price: 400 euros/person Register here
1 day training 13th of October daily: 9:00 - 17:00	Time critical DFIR: Key playbooks, techniques and tools for time-pressured investigations of security incidents	Teodor Cimpoesu - Senior Manager Cyber Risk Advisory	Description: This course provides responders and threat hunting teams with advanced skills to hunt down, identify, counter, and recover from a wide range of threats within enterprise networks. Topics: Use of a wide range of best-of-breed open-source tools to perform incident response and digital forensics Threat hunting techniques that will aid in quicker identification of breaches Rapid incident response analysis and breach assessment Incident response and intrusion forensics methodology Rapid and deep-dive timeline creation and analysis Discovery of unknown malware on a system Cyber-kill chain strategies Intended audience: Digital Forensic Analysts, IR Team Members, Penetration Testers, Exploit Developers, Red Team members Skill level: Prior minimum Cybersecurity experience. Requirements: This course will contain a hands-on component, so attendees should bring their own laptop with at least 4 GB RAM, i5 processor, 40 GB available storage, virtualization software (VMware Workstation Player). Seats available: 20 (first-come, first served) Price: 500 euros/person Register here

@@ Line 39: / Line 39: @@
 | style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Time critical DFIR: Key playbooks, techniques and tools for time-pressured investigations of security incidents<br>
-| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" |  [https://ro.linkedin.com/in/cteodor Teodor Cimpoesu]
+| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" |  [https://ro.linkedin.com/in/cteodor Teodor Cimpoesu] - Senior Manager Cyber Risk Advisory
 | style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="justify" colspan="0" | '''Description:''' This course provides responders and threat hunting teams with advanced skills to hunt down, identify, counter, and recover from a wide range of threats within enterprise networks.<br>
@@ Line 50: / Line 50: @@
 *Discovery of unknown malware on a system
 *Cyber-kill chain strategies
-<br>
+'''Intended audience:''' Digital Forensic Analysts, IR Team Members, Penetration Testers, Exploit Developers, Red Team members <br>
-'''Intended audience:'''Digital Forensic Analysts, IR Team Members, Penetration Testers, Exploit Developers, Red Team members <br>
+'''Skill level:	''' Prior minimum Cybersecurity experience.  <br>
-'''Skill level:	'''Prior minimum Cybersecurity experience.  <br>
+'''Requirements:''' This course will contain a hands-on component, so attendees should bring their own laptop with at least 4 GB RAM, i5 processor, 40 GB available storage, virtualization software (VMware Workstation Player).<br>
-'''Requirements:'''This course will contain a hands-on component, so attendees should bring their own laptop with at least 4 GB RAM, i5 processor, 40 GB available storage, virtualization software (VMware Workstation Player).<br>
 '''Seats available:	'''20 (first-come, first served)<br>
 '''Price:	'''500 euros/person <br>

Difference between revisions of "OWASP Bucharest AppSec Conference 2017 Training1"

Revision as of 18:10, 31 July 2017

Training

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools