OWASP July 2021 Virtual AppSec Training Program

Tuesday, July 20

12:00pm PDT

Application Security 101
This session introduces the different aspects of application security, including DAST, SAST, SCA, IAST, RASP, WAF etc., and explains the value of each, when they should be used, and some of the considerations associated with selecting the correct solution for your business.

1. What's at risk and why AppSec testing is so important
2. Get with the lingo, as we cover key AppSec terms to bring you up to speed
3. What is the OWASP Top 10?
4. Review the different types of AppSec testing (SAST, DAST, IAST, SCA, RASP, WAF)
5. Understand where they fit in the DevOps cycle and their pros and cons, so you can decide how to enhance the security posture of your environment and organisation


Andy Schmidt

Andrew, who commonly goes by Andy, began his career in the Application Security industry 6 years ago. He got his start at Fortify on Demand, where he gained experience running DAST solutions and performing manual PenTests on web applications and APIs. After FoD, he transitioned into...

Tuesday July 20, 2021 12:00pm - Wednesday July 21, 2021 4:00pm PDT

12:00pm PDT

OWASP ZAP from zero to hero
During this training you will learn how to get started with OWASP Zed Attack Proxy (ZAP), find Top 10 vulnerabilities as well as advanced web attacks, and finally write ZAP scripts to perform extremely customized attacks. You will also learn how to write your own scripts in OWASP ZAP to run your own code and security tests against your target. This training focuses on building a deep understanding, from the ground up, of one of the best penetration testing tools, OWASP ZAP, and the techniques needed to perform a full security assessment and penetration test.


Ali Abdollahi

Ali Abdollahi is a cyber security expert with over 8 years of experience working in a variety of security fields. Ali is a full-time consultant helping clients with product security testing, reverse engineering, penetration testing, exploit development, red-teaming, secure coding...

Tuesday July 20, 2021 12:00pm - Wednesday July 21, 2021 4:00pm PDT

12:00pm PDT

Python for Network and WebApp Pentesting
Python for Network and WebApp Pentesting is a training that gives attendees everything they need to craft their own tools for solving automation and computation problems in infosec and IT in general. It was designed to deliver a 100% practical experience by going through various tools and techniques made exclusively to achieve this goal.

The training was created for information security and IT professionals with basic or intermediate knowledge of computer networks and programming logic. Its main focus is teaching Python for offensive security activities: several Python techniques will be applied to craft tools and build an offensive mindset, so attendees can better understand the tactics most commonly used in this type of activity. This matters for everyone who works in IT, because understanding how attacks work on the defense or development side certainly helps to better protect their assets and products.

The course is divided into two parts, each with a specific goal:

1. Part 1 focuses on information gathering. The goal is to build tools that speed up the collection of certain types of information, such as multiple regex searches and subdomain bruteforcing.

2. Part 2 covers network tools, such as an HTTPS reverse shell and a basic port scanner. We will also see a Telegram bot that controls a Windows 10 PC remotely.

The training also has a parallel activity that further increases its hands-on aspect: an online, fully interactive lab that runs for the whole duration of the course. This lab acts as a competition aimed at pushing attendees' knowledge to the limit. They will be challenged with fifty questions from basic to expert level, ranging from fundamentals to more complex infosec tasks, so they can apply everything the course teaches right away and after the course ends.


Ulisses Alves

I am a cybersecurity analyst with more than 15 years of IT experience and almost 7 years in the cybersecurity field. I currently work for a private company as a Red Team Leader, leading the planning and execution of red team operations and penetration tests. I have also conducted...

Tuesday July 20, 2021 12:00pm - Wednesday July 21, 2021 4:00pm PDT

12:00pm PDT

Scaling your Security - How To Grow a Champions Programme
If you want to scale your software security program, you absolutely need to have security champions. Security champions are those folks spread throughout each of your teams (engineering, QA, devops, etc.) who are both regular team members and the local representatives of the security team. They can bring additional security perspectives into the team's internal workflow, engage with the rest of the team about risk, act as the local point of contact for security issues, and escalate to the security team when needed. It is a great way to scale security efforts beyond your minimal resources and integrate much better with the product teams.

However, if you want your champions to succeed, and to continue to do so over time, you can't just throw a handful of cybers at them and expect them to know what to do. Unfortunately, many organizations have tried this path and failed. You need to thoughtfully build a Champions Programme that will encourage, support, and maintain your champions. You need to make clear what you expect from them, and ensure they have all the resources they need to meet those expectations, whether time, budget, or access. For that matter, you need to be able to recruit the right champions in the right places, and empower them to have the massive impact you know they can.

This course will teach you how to customize a process for creating, initiating, and running an effective Champions Programme, and how to succeed in doing so.


Avi Douglen

Bounce Security
AviD is a high-end, independent security architect and developer, with decades of experience implementing security requirements and protecting complex systems. He has been designing, developing, and testing secure applications for over 20 years, and is obsessed with maximizing value...

Tuesday July 20, 2021 12:00pm - Wednesday July 21, 2021 4:00pm PDT

12:00pm PDT

Security for Web Developers - an Offensive Approach
Overview of Web Penetration Testing Modules
- OWASP Top Ten Web Vulnerabilities
- API Top Ten Vulnerabilities
- Technical measures and best practices
- HTTP Security Headers
- JSON Web Tokens

The course methodology is more than 75% practical and hands-on. Attendees will gain hands-on knowledge of performing hacking tasks in an ethical way, using various hacking tools, to improve the security of their assets. Attack side: Kali Linux 2020.x, NMAP, Burp / OWASP ZAP, Metasploit Framework (MSF). Victim side: OWASP resources, i.e. Damn Vulnerable Web Application (DVWA) and Tomcat, as virtual machines.

• Penetration testing overview
• Various types of web app footprinting, footprinting tools, and countermeasures
• Ethical hacking methodology
• Web attacks: XSS, SQL Injection, Facebook phishing
• NoSQL injection, API vulnerabilities, LFI, Brute-Force attacks, CSRF


Gabriel Avramescu

I work as a penetration tester with over 8 years of experience and as a trainer with over 14 years (5 in the security field). Certifications: OSWE, OSWP, OSCP, CEH, ECSA, CHFI, ISO 27001, CREST CRT, CREST CPSA, etc. Trainer on OWASP AppSec Days - August 2020. Penetration testing customers...

Tuesday July 20, 2021 12:00pm - Wednesday July 21, 2021 4:00pm PDT