2016-07-25


Revision as of 20:04, 25 July 2016

(One intermediate revision by the same user not shown)

Line 72:

Line 72:

| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description'''

| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description'''

|-

|-



| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 9:00 -
14
:00<br>
(5 hours)
<br>

+

| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 9:00 -
17
:00<br><br>



| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | '''<br>

+

| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" |
OWASP Top 10 vulnerabilities – discover, exploit, remediate
'''<br>



| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | '''

+

| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" |
[https://ro.linkedin.com/in/adrianfurtuna Adrian Furtună]''' – Founder & Ethical Hacker – VirtualStorm Security <br> '''[https://twitter.com/iambrosie Ionuţ Ambrosie]''' – Security Consultant – KPMG Romania
'''



| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="justify" colspan="0" | '''Description:'''<br>

+

| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="justify" colspan="0" | '''Description:'''
The purpose of this workshop is to increase the participants’ awareness on the most common web application vulnerabilities and their associated risks. <br>

+

We will discuss each type of vulnerability described in the OWASP Top 10 project and we will be practicing manual discovery and exploitation techniques. Furthermore, a set of useful security testing tools will be presented and used during the workshop.<br>

+

This will be a (very) hands-on workshop where we will practice exercises as:<br>

+

* Discover SQL injection and exploit it to extract information from the database<br>

+

* Find OS command injection and exploit it to execute arbitrary commands on the target server<br>

+

* Discover Cross-Site Scripting and exploit it to gain access to another user’s web session<br>

+

* Spot XML External Entity vulnerabilities and use them to read arbitrary files from the server<br>

+

* Identify Local File Inclusion and exploit it to gain remote command execution<br>

+

* Find Cross-Site Request Forgery and exploit it to gain access to the admin panel<br>

+

* Detect standard components of web apps containing known vulnerabilities and exploit them<br>

+

* Other fun and challenging tasks<br>

+

Of course, we will also present safe ways in which the identified vulnerabilities can be eliminated or mitigated in production environments.

+

'''<br>

+

'''Intended audience:''' Web application developers, security testers, quality assurance personnel, people passionate about web security<br>

+

'''Skill level: ''' Intermediate <br>

+

'''Requirements:'''

+

* Laptop with a working operating system <br>

+

* At least 2 GB of free disk space and at least 2 GB RAM<br>

+

* Administrative rights on the laptop<br>

+

* VMWare Player installed
<br>

+

'''Seats available: '''20 (first-come, first served)<br>

+

'''Price: '''200 euros/person <br>

+

[Register here]

+

|-

+

| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 9:00 - 17:00<br><br>

+

| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Secure Web Applications in Java'''<br>

+

+

| style="width:25%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | [http://ro.linkedin.com/in/scrissti Cristian Serban]'''- AppSec Architecture Manager''' <br> [https://ro.linkedin.com/in/luciansuta Lucian Suta]''' - Software Security Trainer and Consultant'''

+

| style="width:40%" valign="middle" height="30" bgcolor="#CCEEEE" align="justify" colspan="0" | '''Description:''' Everybody is familiar with OWASP Top 10, but how is that applicable when you write Java web applications using the Spring Framework, JSP, or FreeMarker templates? What are the security features built into the most common Java frameworks and how to apply security principles such as ‘defense in depth’ in order to build robust applications. Together we will build secure coding and secure code review skills, uncover and protect against some of the most common vulnerabilities in Java code.<br>

+

'''Intended audience:''' Web application developers, security testers, quality assurance personnel, people passionate about web security<br>

+

'''Skill level: ''' Intermediate <br>

+

'''Requirements:''' This course requires moderate Java coding skills, a laptop with a latest JDK, Intellij IDEA or Spring Tool Suite and ZAP installed. <br>

'''Seats available: '''20 (first-come, first served)<br>

'''Seats available: '''20 (first-come, first served)<br>

+

'''Price: '''200 euros/person <br>

[Register here]

[Register here]

|-

|-
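Review bot: The added title cell for the second workshop, "Secure Web Applications in Java'''<br>", ends with a bold marker that has no opening counterpart on that line, so the title is not wrapped in bold as intended; write it as '''Secure Web Applications in Java'''<br>. In the same added row, the trainer cell puts the bold markers around the role text ("'''- AppSec Architecture Manager'''") rather than around the linked names, while the first row bolds the name link ("'''[https://twitter.com/iambrosie Ionuţ Ambrosie]'''"); use one convention for both rows. The added "[Register here]" in the first workshop's description has no target URL inside the brackets, so it needs the registration address before it will work as a link.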
