This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP EU Summit 2008 Training (Courses to be Approved)"
Camargoneves (talk | contribs) (→Course Name) |
Camargoneves (talk | contribs) (→Web server/services hardening using SELinux) |
||
Line 114: | Line 114: | ||
1. SELinux history | 1. SELinux history | ||
+ | |||
2. Unix/Linux DAC (Discretionary Access Control) and its problems | 2. Unix/Linux DAC (Discretionary Access Control) and its problems | ||
+ | |||
3. MAC (Mandatory Access Control) | 3. MAC (Mandatory Access Control) | ||
+ | |||
4. Advantages of using MAC | 4. Advantages of using MAC | ||
+ | |||
5. DTE (Domain Type Enforcement) model | 5. DTE (Domain Type Enforcement) model | ||
+ | |||
6. RBAC (Roles Based Access Control) model | 6. RBAC (Roles Based Access Control) model | ||
+ | |||
7. MLS (Multi Level Security) model | 7. MLS (Multi Level Security) model | ||
+ | |||
8. SELinux FLASK Architecture | 8. SELinux FLASK Architecture | ||
+ | |||
9. SELinux policy (EXERCISE) | 9. SELinux policy (EXERCISE) | ||
+ | |||
10. File System Security Contexts (EXERCISE) | 10. File System Security Contexts (EXERCISE) | ||
+ | |||
11. SELinux Object Classes and Permissions | 11. SELinux Object Classes and Permissions | ||
− | 12. TE (Type Enforcement) Rules (Attributes, Type Declaration, Type | + | |
− | Transitions, Domain Type Transitions, Object Labeling Transitions, | + | 12. TE (Type Enforcement) Rules (Attributes, Type Declaration, Type Transitions, Domain Type Transitions, Object Labeling Transitions, Access Vectors) |
− | Access Vectors) | + | |
13. Understanding AVC, log messages | 13. Understanding AVC, log messages | ||
+ | |||
14. audit2allow and audit2why (EXERCISE) | 14. audit2allow and audit2why (EXERCISE) | ||
+ | |||
15. SELinux Troubleshoot Tool (EXERCISE) | 15. SELinux Troubleshoot Tool (EXERCISE) | ||
+ | |||
16. Auditing and Auditing tools | 16. Auditing and Auditing tools | ||
+ | |||
17. Policy Macros | 17. Policy Macros | ||
+ | |||
18. Backtracking rule (EXERCISE) | 18. Backtracking rule (EXERCISE) | ||
+ | |||
19. SELinux Users, Roles, MLS Levels | 19. SELinux Users, Roles, MLS Levels | ||
+ | |||
20. Strict Policy | 20. Strict Policy | ||
+ | |||
21. Targeted Policy | 21. Targeted Policy | ||
+ | |||
22. SELinux Booleans and their use for Apache web server (EXERCISE) | 22. SELinux Booleans and their use for Apache web server (EXERCISE) | ||
+ | |||
23. Files and Directories in Targeted Policy, common SELinux Macros (EXERCISE) | 23. Files and Directories in Targeted Policy, common SELinux Macros (EXERCISE) | ||
+ | |||
24. Analyzing Example Policy - apache.te (EXERCISE) | 24. Analyzing Example Policy - apache.te (EXERCISE) | ||
+ | |||
25. Assigning Object and Process Types | 25. Assigning Object and Process Types | ||
+ | |||
26. SELinux Booting | 26. SELinux Booting | ||
− | 27. Copying and moving files, checking security contexts, relabeling a | + | |
− | file and directory's security context (EXERCISE) | + | 27. Copying and moving files, checking security contexts, relabeling a file and directory's security context (EXERCISE) |
+ | |||
28. Policy core utilities | 28. Policy core utilities | ||
+ | |||
29. Managing File Labeling, Relabeling a File System (EXERCISE) | 29. Managing File Labeling, Relabeling a File System (EXERCISE) | ||
+ | |||
30. SELinux Administrator GUI (EXERCISE) | 30. SELinux Administrator GUI (EXERCISE) | ||
+ | |||
31. SELinux Modules (EXERCISE) | 31. SELinux Modules (EXERCISE) | ||
+ | |||
32. Hardening existing LAMP environments using SELinux (EXERCISE) | 32. Hardening existing LAMP environments using SELinux (EXERCISE) | ||
+ | |||
33. Writing New Policy for a Daemon (EXERCISE for clever students) | 33. Writing New Policy for a Daemon (EXERCISE for clever students) | ||
Revision as of 00:21, 17 September 2008
The courses listed on this page are to be approved by the OWASP Board.
- 1 Source Code Review
- 2 Advanced Phishing and Social Engineering Training
- 3 Web server/services hardening using SELinux
- 4 Course Name
Source Code Review
Instructor
Eoin Keary and Daniel Cuthbert
Duration
Please enter the text here
Summary
Please enter the text here.
Audience
Please enter the text here.
Table of Contents
Please enter the text here.
Course Specifics
Please enter the text here. (i.e. bring your own laptop)
Advanced Phishing and Social Engineering Training
Instructor
Joshua Perrymon
Duration
1 day
Summary
Please enter the text here.
Audience
Please enter the text here.
Table of Contents
This class is designed to illustrate hands-on methods used in the real world to attack the human layer. This includes a focus on spear-phishing using the newly introduced OWASP phishing framework (LUNKER). Attendees will identify target emails using a variety of methods, identify potential phish sites, create a spoofed email and send the attack, all in a locally run test environment in VMware or a LiveCD.
Upon completion of this course, attendees will have an in-depth understanding of the latest techniques used to perform these types of attacks. The class will also include additional social engineering attack methods such as impersonation, authority attacks, pretext attacks, and much more. Advanced topics such as Email Payloads and 2nd Factor token MITM attacks will be covered as well.
1. Introduction to Social Engineering
2. Understanding the Human Aspect of Security
3. Review of aggressively vertical hacking methodology
4. Analysis of attack trending over the years (Up the OSI Model)
5. Review of public Social Engineering Attacks in the media
6. Hands on: Spear Phishing Demo using the Lunker Framework
a. Understanding the Social Engineering Scope of work
b. Setup Client Info
c. Gather Email addresses/targets
d. Identify potential phishing sites
e. Creation of spoofed emails
   i. Custom footers
   ii. Attack Scenarios
   iii. Email header options
f. Test Environment: Review the spoofed email and phishing site
g. Send attack
h. Monitor: Discuss steps to take at this point once the users send in credentials.
i. Advanced Phishing Attacks: Recon, XSS/CSRF/Browser Exploit/Trojan payloads
j. MITM Attacks on 2-factor Authentication
k. Summary
Course Specifics
Please enter the text here. (i.e. bring your own laptop)
Web server/services hardening using SELinux
Instructor
Pavol Luptak
Duration
1 day
Summary
Security-Enhanced Linux (SELinux) is a FLASK implementation integrated in the Linux kernel with a number of utilities designed to provide mandatory access controls (MAC) through the use of Linux Security Modules (LSM) in the Linux kernel. SELinux generally supports many kinds of mandatory access control policies, including those based on the concepts of type enforcement, role-based access control, and multi-level security.
A Linux kernel integrating SELinux enforces mandatory access control policies that confine user programs and system servers to the minimum amount of privilege they require to do their jobs. This reduces or eliminates the ability of these programs and daemons to cause harm when compromised (via buffer overflows or misconfigurations, for example). This confinement mechanism operates independently of the traditional Linux access control mechanisms. It has no concept of a "root" super-user, and does not share the well-known shortcomings of the traditional Linux security mechanisms (such as a dependence on setuid/setgid binaries).
This training provides the basic concepts of SELinux and its differences from classical UNIX/Linux systems, describes the security advantages of mandatory access control policies, and teaches how to effectively and rapidly configure a fully functional LAMP environment on an SELinux system.
Audience
Please enter the text here.
Table of Contents
1. SELinux history
2. Unix/Linux DAC (Discretionary Access Control) and its problems
3. MAC (Mandatory Access Control)
4. Advantages of using MAC
5. DTE (Domain Type Enforcement) model
6. RBAC (Role-Based Access Control) model
7. MLS (Multi-Level Security) model
8. SELinux FLASK Architecture
9. SELinux policy (EXERCISE)
10. File System Security Contexts (EXERCISE)
11. SELinux Object Classes and Permissions
12. TE (Type Enforcement) Rules (Attributes, Type Declaration, Type Transitions, Domain Type Transitions, Object Labeling Transitions, Access Vectors)
13. Understanding AVC, log messages
14. audit2allow and audit2why (EXERCISE)
15. SELinux Troubleshoot Tool (EXERCISE)
16. Auditing and Auditing tools
17. Policy Macros
18. Backtracking rule (EXERCISE)
19. SELinux Users, Roles, MLS Levels
20. Strict Policy
21. Targeted Policy
22. SELinux Booleans and their use for Apache web server (EXERCISE)
23. Files and Directories in Targeted Policy, common SELinux Macros (EXERCISE)
24. Analyzing Example Policy - apache.te (EXERCISE)
25. Assigning Object and Process Types
26. SELinux Booting
27. Copying and moving files, checking security contexts, relabeling a file and directory's security context (EXERCISE)
28. Policy core utilities
29. Managing File Labeling, Relabeling a File System (EXERCISE)
30. SELinux Administrator GUI (EXERCISE)
31. SELinux Modules (EXERCISE)
32. Hardening existing LAMP environments using SELinux (EXERCISE)
33. Writing New Policy for a Daemon (EXERCISE for clever students)
Course Specifics
Please enter the text here. (i.e. bring your own laptop)
Course Name
Instructor
Please enter the text here.
Duration
Please enter the text here.
Summary
Please enter the text here.
Audience
Please enter the text here.
Table of Contents
Please enter the text here.
Course Specifics
Please enter the text here. (i.e. bring your own laptop)