This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Bucharest AppSec Conference 2017 Training1"

From OWASP
Jump to: navigation, search
(edit)
Line 7: Line 7:
 
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description'''
 
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description'''
 
|-
 
|-
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 1 day training <br> 13th of October<br>daily: 9:00 - 17:00<br><br>
+
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 1 day training <br> 12th of October<br>daily: 9:00 - 17:00<br><br>
 
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | OWASP Top 10 vulnerabilities – discover, exploit, remediate<br>
 
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | OWASP Top 10 vulnerabilities – discover, exploit, remediate<br>
  
Line 57: Line 57:
 
[https://www.eventbrite.com/e/owasp-bucharest-appsec-conference-2017-tickets-35356670754 Register here]
 
[https://www.eventbrite.com/e/owasp-bucharest-appsec-conference-2017-tickets-35356670754 Register here]
 
|-
 
|-
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 1 day training <br> 12th of October<br>daily: 9:00 - 17:00<br><br>
+
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 1 day training <br> 11th of October<br>daily: 9:00 - 17:00<br><br>
 
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Introduction to Metasploit Framework<br>
 
| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Introduction to Metasploit Framework<br>
  

Revision as of 14:13, 11 August 2017

Training

Time Title Trainers Description
1 day training
12th of October
daily: 9:00 - 17:00

 OWASP Top 10 vulnerabilities – discover, exploit, remediate
 Adrian Furtună – Founder & Ethical Hacker – VirtualStorm Security and
Ionuţ Ambrosie – Security Consultant – KPMG Belgium 		Description: The overall objective of this workshop is to increase the participants’ awareness on the most common web application vulnerabilities and their associated risks.

We will discuss each type of vulnerability described in the OWASP Top 10 project and will teach participants manual discovery and exploitation techniques. Furthermore, a set of useful security testing tools will be introduced during the workshop. This is a hands-on workshop where participants will learn how to:

  • Built a threat model for the target application
  • Perform web app recon
  • Discover SQL injection and exploit it to extract information from the back-end database
  • Find OS command injection and exploit it to execute arbitrary commands on the target server
  • Discover Cross-Site Scripting and exploit it to gain access to another user’s web session
  • Spot XML External Entity vulnerabilities and use them to read arbitrary files from the server
  • Identify Local File Inclusion and exploit it to gain remote command execution
  • Find Cross-Site Request Forgery and exploit it to gain access to the admin panel
  • Detect standard components of web apps containing known vulnerabilities and exploit them

Moreover, we will discuss ways in which security can be better integrated into the software development lifecycle and how the OWASP Top 10 vulnerabilities can be avoided, identified early on or mitigated before they reach production environments.
Intended audience: Web application developers, penetration testers, information security professionals, quality assurance personnel, web security enthusiasts
Skill level: The course assumes basic knowledge about the inner workings of the web and some web programming skills
Requirements:

  • Laptop with a working operating system
  • At least 2 GB of free disk space and at least 2 GB RAM
  • Administrative rights on the laptop
  • VMWare Player installed

Seats available: 20 (first-come, first served)
Price: 400 euros/person
Register here

1 day training
12th of October
daily: 9:00 - 17:00

 Time critical DFIR: Key playbooks, techniques and tools for time-pressured investigations of security incidents
 Teodor Cimpoesu - Senior Manager Cyber Risk Advisory Description: This course provides responders and threat hunting teams with advanced skills to hunt down, identify, counter, and recover from a wide range of threats within enterprise networks.

Topics:

  • Use of a wide range of best-of-breed open-source tools to perform incident response and digital forensics
  • Threat hunting techniques that will aid in quicker identification of breaches
  • Rapid incident response analysis and breach assessment
  • Incident response and intrusion forensics methodology
  • Rapid and deep-dive timeline creation and analysis
  • Discovery of unknown malware on a system
  • Cyber-kill chain strategies

Intended audience: Digital Forensic Analysts, IR Team Members, Penetration Testers, Exploit Developers, Red Team members
Skill level: Prior minimum Cybersecurity experience.
Requirements: This course will contain a hands-on component, so attendees should bring their own laptop with at least 4 GB RAM, i5 processor, 40 GB available storage, virtualization software (VMware Workstation Player).
Seats available: 20 (first-come, first served)
Price: 500 euros/person
Register here

1 day training
11th of October
daily: 9:00 - 17:00

 Introduction to Metasploit Framework
 Adrian Ifrim - Senior Consultant Cyber Risk Services Description: Metasploit is one, if not the most, widely used tool for penetration testing, providing powerful attack simulations, security assessment management, and post exploitation resources. Metasploit’s capabilities are wide, and this class will help you to prepare to run vulnerability assessments for organizations of any size.
In this course, we will teach how to use Metasploit to enumerate available services, identify potential weaknesses, test vulnerabilities through exploitation, and gather evidence for reporting. You will learn how to install and configure the Metasploit Framework and several supporting tools on Kali Linux. At the end of the course you will have a better understanding on how exploits and payloads work together to gain access to systems.

Intended audience: Penetration testers, Vulnerability assessment personnel, Auditors, Security engineers, Security researchers
Skill level: Basic knowledge of Networking, Windows, Linux.
Requirements: The attendees should bring their own laptop with at least 4GB RAM, i5 processor, 40GB storage space, virtualization software (VMware Workstation Player).
Seats available: 20 (first-come, first served)
Price: 400 euros/person
Register here

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Bucharest_AppSec_Conference_2017_Training1&oldid=232185"