This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP Bucharest AppSec Conference 2016 Workshops

From OWASP
Revision as of 17:13, 10 August 2016 by Oana Cornea (talk | contribs) (Created page with "{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="4" | style="width:100%" valign="middle" height...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Workshop

Time Title Trainers Description
9:00 - 17:00

 OWASP Top 10 vulnerabilities – discover, exploit, remediate
 		Adrian Furtună – Founder & Ethical Hacker – VirtualStorm Security
Ionuţ Ambrosie – Security Consultant – KPMG Romania 		Description:The purpose of this workshop is to increase the participants’ awareness on the most common web application vulnerabilities and their associated risks.

We will discuss each type of vulnerability described in the OWASP Top 10 project and we will be practicing manual discovery and exploitation techniques. Furthermore, a set of useful security testing tools will be presented and used during the workshop.
This will be a (very) hands-on workshop where we will practice exercises as:

  • Discover SQL injection and exploit it to extract information from the database
  • Find OS command injection and exploit it to execute arbitrary commands on the target server
  • Discover Cross-Site Scripting and exploit it to gain access to another user’s web session
  • Spot XML External Entity vulnerabilities and use them to read arbitrary files from the server
  • Identify Local File Inclusion and exploit it to gain remote command execution
  • Find Cross-Site Request Forgery and exploit it to gain access to the admin panel
  • Detect standard components of web apps containing known vulnerabilities and exploit them
  • Other fun and challenging tasks

Of course, we will also present safe ways in which the identified vulnerabilities can be eliminated or mitigated in production environments.
Intended audience: Web application developers, security testers, quality assurance personnel, people passionate about web security
Skill level: Intermediate
Requirements:

  • Laptop with a working operating system
  • At least 2 GB of free disk space and at least 2 GB RAM
  • Administrative rights on the laptop
  • VMWare Player installed

Seats available: 20 (first-come, first served)
Price: 200 euros/person
Register here

9:00 - 17:00

 Secure Web Applications in Java
 		Cristian Serban- AppSec Architecture Manager
Lucian Suta - Software Security Trainer and Consultant 		Description: Everybody is familiar with OWASP Top 10, but how is that applicable when you write Java web applications using the Spring Framework, JSP, or FreeMarker templates? What are the security features built into the most common Java frameworks and how to apply security principles such as ‘defense in depth’ in order to build robust applications. Together we will build secure coding and secure code review skills, uncover and protect against some of the most common vulnerabilities in Java code.

Intended audience: Web application developers, security testers, quality assurance personnel, people passionate about web security
Skill level: Intermediate
Requirements: This course requires moderate Java coding skills, a laptop with a latest JDK, Intellij IDEA or Spring Tool Suite and ZAP installed.

Seats available: 20 (first-come, first served)
Price: 200 euros/person
Register here

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Bucharest_AppSec_Conference_2016_Workshops&oldid=220300"