This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

AppSecAsiaPac2012/Training

From OWASP
Revision as of 19:04, 23 February 2012 by Sarah Baso (talk | contribs)

Jump to: navigation, search

The OWASP 2012 Appsec Asia Pacific Conference has been able to secure world class training sessions for all levels of expertise. Questions? Email [email protected]

Course descriptions and Trainer Bios are listed below the schedule


Training Schedule

Training Day 1 - Wednesday - April 11th


 (Time Allocated)  Training Room (1) - 2 Day Course
 (Grand Ballroom 1 - Ground Floor)
 Training Room (2) - 2 Day Courses
 (Grand Ballroom 2 - Ground Floor)
 Training Room (3) - 2 Day Courses
 (Grand Ballroom 3 - Ground Floor)
 Training Room (4) - 1 Day Courses
 (Wharf Room - Level 1)
 Training Room (5) - 1 Day Courses
 (Bridge Room - Level 1)
 Training Room (6) - 1 Day Courses
 (Bridge Room 2 - Level 1)
 7:30 - 9:00 AM


Conference Registration Open - Coffee & Tea Available
 9:00-10:30 AM
 Assessing & Exploiting Web Applications with Samurai-WTF

 Trainer: Justin Searle
 Training Syllabus: Course Abstract

 Hands on Web Application Testing: Assessing Web Apps the OWASP Way

 Trainer: Matt Tesauro
 Training Syllabus:

 TBA

 Trainer: TBA
 Training Syllabus:

 TBA

 Trainer: TBA
 Training Syllabus:

 TBA

 Trainer:TBA
 Training Syllabus:

 TBA

 Trainer: TBA
 

 10:30-11:00 AM


Break - Morning Tea Coffee & Food to be provided to training.
 11:00-1:00 PM
 Assessing & Exploiting Web Applications with Samurai-WTF

 Trainer: Justin Searle
 Training Syllabus: Course Abstract

 Hands on Web Application Testing: Assessing Web Apps the OWASP Way

 Trainer: Matt Tesauro
 Training Syllabus:

 TBA

 Trainer: TBA
 Training Syllabus:

 TBA

 Trainer: TBA
 Training Syllabus:

 TBA

 Trainer: TBA
 Training Syllabus:

 TBA

 Trainer: TBA
 

 1:00-1:30 PM


Break - Lunch - Provided for attendees in main Expo & Conference Hall - Ground Level
 1:30-3:00 PM
 Assessing & Exploiting Web Applications with Samurai-WTF

 Trainer: Justin Searle
 Training Syllabus: Course Abstract

 Hands on Web Application Testing: Assessing Web Apps the OWASP Way

 Trainer: Matt Tesauro
 Training Syllabus:

 TBA

 Trainer: TBA
 Training Syllabus:

 TBA

 Trainer: TBA
 Training Syllabus:

 TBA

 Trainer:TBA
 Training Syllabus:

 Secure Coding Course - .NET Secure Coding

 Trainer: Sandeep Nain
 Abstract & Instructor Bio

 3:00-3:30 PM


Break - Afternoon Tea - Coffee & Food to be provided to training
 3:30-5:00 PM


 Assessing & Exploiting Web Applications with Samurai-WTF

 Trainer: Justin Searle
 Training Syllabus: Course Abstract

 Hands on Web Application Testing: Assessing Web Apps the OWASP Way

 Trainer: Matt Tesauro
 Training Syllabus:

 TBA

 Trainer: TBA
 Training Syllabus:

 TBA

 Trainer:TBA
 Training Syllabus:

 TBA

 Trainer: TBA
 Training Syllabus:

 Secure Coding Course - .NET Secure Coding

 Trainer: Sandeep Nain
 Abstract & Instructor Bio


Training Day 2 - Thursday- April 12th


 (Time Allocated)  Training Room (1) - 2 Day Course
 (Grand Ballroom 1 - Ground Floor)
 Training Room (2) - 2 Day Courses
 (Grand Ballroom 2 - Ground Floor)
 Training Room (3) - 2 Day Courses
 (Grand Ballroom 3 - Ground Floor)
 Training Room (4) - 1 Day Courses
 (Wharf Room - Level 1)
 Training Room (5) - 1 Day Courses
 (Bridge Room - Level 1)
 Chapter Workshop (6) - 1 Day Courses
 (Bridge Room 2 - Level 1)
 7:30 - 9:00 AM


Conference Registration Open - Coffee & Tea Available
 9:00-10:30 AM
 Assessing & Exploiting Web Applications with Samurai-WTF

 Trainer: Justin Searle
 Training Syllabus: Course Abstract

 Hands on Web Application Testing: Assessing Web Apps the OWASP Way

 Trainer: Matt Tesauro
 Training Syllabus:

 TBA

 Trainer: TBA
 Training Syllabus:

 Mobile Applications & Security

 Trainer: Prashant Verma
 Training Syllabus:

 TBA

 Trainer: TBA
 Training Syllabus:

 OWASP Chapter Workshop


 10:30-11:00 AM


Break - Morning Tea Coffee & Food to be provided to training.
 11:00-1:00 PM
 Assessing & Exploiting Web Applications with Samurai-WTF

 Trainer: Justin Searle
 Training Syllabus: Course Abstract

 Hands on Web Application Testing: Assessing Web Apps the OWASP Way

 Trainer: Matt Tesauro
 Training Syllabus:

 TBA

 Trainer: TBA
 Training Syllabus:

 Mobile Applications & Security

 Trainer: Prashant Verma
 Training Syllabus:

 TBA

 Trainer: TBA
 Training Syllabus:

 OWASP Chapter Workshop


 1:00-1:30 PM


Break - Lunch - Provided for attendees in main Expo & Conference Hall - Ground Level
 1:30-3:00 PM
 Assessing & Exploiting Web Applications with Samurai-WTF

 Trainer: Justin Searle
 Training Syllabus: Course Abstract

 Hands on Web Application Testing: Assessing Web Apps the OWASP Way

 Trainer: Matt Tesauro
 Training Syllabus:

 TBA

 Trainer: TBA
 Training Syllabus:

 Mobile Applications & Security

 Trainer: Prashant Verma
 Training Syllabus:

 TBA

 Trainer: TBA
 Training Syllabus:

 OWASP Chapter Workshop


 3:00-3:30 PM


Break - Afternoon Tea - Coffee & Food to be provided to training
 3:30-5:00 PM


 Assessing & Exploiting Web Applications with Samurai-WTF

 Trainer: Justin Searle
 Training Syllabus: Course Abstract

 Hands on Web Application Testing: Assessing Web Apps the OWASP Way

 Trainer: Matt Tesauro
 Training Syllabus:

 TBA

 Trainer: TBA
 Training Syllabus:

 Mobile Applications & Security

 Trainer: Prashant Verma
 Training Syllabus:

 TBA

 Trainer: TBA
 Training Syllabus:

 OWASP Chapter Workshop



Two Day Training Courses

Assessing & Exploiting Web Applications with Samurai-WTF

Trainer: Justin Searle
Audience & Level: Novice to intermediate level security professionals: developers, managers, or penetration testers
Date: Wednesday & Thursday, April 11-12

Course Summary:
Course Details & Instructor Bio

Come take the official two-day Samurai-WTF training course given by one of the founders and lead developers of the project! You will learn the latest Samurai-WTF open source tools and as well as the latest techniques to perform web application penetration tests. After a quick overview of pen testing methodology, the instructors will lead you through the end-to-end process of testing and exploiting several different web applications, including client side attacks using flaws within the application. Different sets of open source tools will be used on each web application, allowing you to learn first hand the pros and cons of each tool. Primary emphasis of these instructor lead exercises is how to integrate these tools into your own manual testing procedures to improve your overall workflow. After you have gained experience with the Samurai-WTF tools, you will be challenged with a capture the flag event. This final challenge will give you time to practice your new skills at your own pace and experiment with your favorite new tools. This experience will help you gain the confidence and knowledge necessary to perform web application assessments and expose you to the wealth of freely available, open source tools.


Hands on Web Application Testing: Assessing Web Apps the OWASP way

Trainer: Matt Tesauro
Audience: Technical
Level: Basic, Intermediate
Date: Wednesday & Thursday, April 11-12

Course Summary:
The goal of the training session is to teach students how to identify, test, and exploit web application vulnerabilities. The creator and project lead of the OWASP Live CD, now recoined OWASP WTE, will be the instructor for this course and WTE will be a major component of the class. Through lecture, demonstrations, and hands on labs, the session will cover the critical areas of web application security testing using the OWASP Testing Guide v3 as the framework and a custom version of OWASP WTE as the platform. Students will be introduced to a number of open source web security testing tools and provided with hands on labs to sharpen their skills and reinforce what they’ve learned. Students will also receive a complementary DVD containing the custom WTE training lab, a copy of the OWASP Testing Guide, handouts and cheat-sheets to use while testing plus several additional OWASP references. Demonstrations and labs will cover both common and esoteric web vulnerabilities and includes topics such as Cross-Site Scripting (XSS), SQL injection, CSRF and Ajax vulnerabilities. Students are encouraged to continue to use and share the custom WTE lab after the class to further hone their testing skills.


The training will include labs so laptops will be required by the attendees. A custom version of OWASP WTE will be provided to each student which will contain all the necessary tools and applications to test. Strictly speaking, Internet access and/or wireless won't be required since each laptop will be self-sufficient. However, Internet access may be useful for expounding on class discussion. The custom WTE lab environment will run on Windows, Mac OS X and Linux. A recent laptop with sufficient disk space and RAM to run a virtual machine will be required to run the labs. Both VMware and VirtualBox are supported.


Matt Tesauro has worked in web application development and security since 2000. He has worn many different hats, from developer to DBA to System Administrator to Penetration Tester. Matt also taught graduate and undergraduate classes on web application development and XML at Texas A&M University. Currently, he's focused on application security risk assessments at Praetorian. Outside work, he is the project lead for the OWASP Live CD / WTE, a member of the OWASP Foundation board, and part of the Austin OWASP chapter leadership. Matt Tesauro has a B.S. in Economics and a M.S in Management Information Systems from Texas A&M University. He is also has the CISSP, CEH (Certified Ethical Hacker), RHCE (Red Hat Certified Engineer), and Linux+ certifications.


One Day Training Courses

Mobile Applications & Security

Trainer: Prashant Verma
Audience: Management, Technical, Operations
Level: Basic, Intermediate, People with a background in security but no prior knowledge of mobile applications
Date: Thursday, April 12

Course Summary:
This course covers security tests that are conducted on mobile applications with a focus on iOS and Android platforms.

Students will first learn the basics of mobile applications followed by a brief background of iOS and Android platforms, their security models and an overview of their development basics.

They will then learn how to model a threat profile for mobile applications and then test and debug the mobile applications for security vulnerabilities.

Reading locally stored data in mobiles, setting up a proxy to intercept and test network traffic and reversing Android applications will be a few of the topics discussed. We will also discuss the challenges involved in reversing an iOS application. The course includes examples for both the platforms and sample code snippets will also be provided.

We will also discuss the best practices that have to be followed for secure development of mobile applications. The course would end with a discussion of the OWASP Mobile Top 10 risks.


Prashant Verma is a Senior Security Consultant and Competency Lead at Paladion Networks. He has 6 years of experience. He drives the Mobile Application Security Service and Research at Paladion. He is the co-author of the "Security Testing Handbook for Banking Applications". He has also authored security articles for the Hacki9 and Palisade magazines. He has given presentations at Club Hack 2011 on "Pentesting Mobile Applications". He has also given guest lectures and security trainings at various occasions, which include the National Institute of Bank Management (NIBM) and Babasaheb Ambedkar Marathwada University (BAMU). He is a "Digital Evidence Analyst" i.e. he has conducted Mobile Security Testing, Java, Android and iOS Security Code Reviews. He has also conducted numerous application and network penetration tests, vulnerability assessments, etc.