
OWASP Bucharest AppSec Conference 2017 Training1

Revision as of 08:29, 2 October 2017 by Oana Cornea

Training

Time: 1 day training, 11th of October, daily: 9:00 - 17:00
Title: OWASP Top 10 vulnerabilities – discover, exploit, remediate
Trainers: Adrian Furtună – Founder & Ethical Hacker – VirtualStorm Security and Ionuţ Ambrosie – Security Consultant – KPMG Belgium
Description: The overall objective of this workshop is to increase the participants’ awareness of the most common web application vulnerabilities and their associated risks.

We will discuss each type of vulnerability described in the OWASP Top 10 project and will teach participants manual discovery and exploitation techniques. Furthermore, a set of useful security testing tools will be introduced during the workshop. This is a hands-on workshop where participants will learn how to:

  • Build a threat model for the target application
  • Perform web app recon
  • Discover SQL injection and exploit it to extract information from the back-end database
  • Find OS command injection and exploit it to execute arbitrary commands on the target server
  • Discover Cross-Site Scripting and exploit it to gain access to another user’s web session
  • Spot XML External Entity vulnerabilities and use them to read arbitrary files from the server
  • Identify Local File Inclusion and exploit it to gain remote command execution
  • Find Cross-Site Request Forgery and exploit it to gain access to the admin panel
  • Detect standard components of web apps containing known vulnerabilities and exploit them

Moreover, we will discuss ways in which security can be better integrated into the software development lifecycle and how the OWASP Top 10 vulnerabilities can be avoided, identified early on or mitigated before they reach production environments.
Intended audience: Web application developers, penetration testers, information security professionals, quality assurance personnel, web security enthusiasts
Skill level: The course assumes basic knowledge about the inner workings of the web and some web programming skills
Requirements:

  • Laptop with a working operating system
  • At least 2 GB of free disk space and at least 2 GB RAM
  • Administrative rights on the laptop
  • VMware Player installed

Seats available: 20 (first come, first served)
Price: 400 euros/person
Register here