Beginner
Tuesday, July 20

12:00pm EDT

Application Security 101
This session introduces the different aspects of application security, including DAST, SAST, SCA, IAST, RASP, WAF, etc., and explains the value of each, when they should be used, and some of the considerations associated with selecting the correct solution for your business.

1. What's at risk and why AppSec testing is so important
2. Get with the lingo, as we cover key AppSec terms to bring you up to speed
3. What is the OWASP Top 10
4. Review the different types of AppSec (SAST, DAST, IAST, SCA, RASP, WAF).
5. Understand where they fit in the DevOps cycle and their pros and cons so you can make a decision on how you can enhance your security posture for your environment and organisation.

Andy Schmidt

Andrew, who commonly goes by Andy, began his career in the Application Security industry 6 years ago. He got his start at Fortify on Demand where he gained experience running DAST solutions and performing manual PenTests on web applications and APIs. After FoD, he transitioned into...

Tuesday July 20, 2021 12:00pm - Wednesday July 21, 2021 4:00pm EDT

12:00pm EDT

Security for Web Developers - an Offensive Approach
Overview of Web Penetration Testing Modules
- OWASP Top Ten Web Vulnerabilities
- API Top Ten vulnerabilities
- Technical measures and best practices
- HTTP Security Headers
- JSON Web Tokens

More than 75% of the course is a practical, hands-on approach. Participants will get hands-on knowledge to perform hacking tasks in ethical ways, using various hacking tools, to improve the security of assets.
Attack side: Kali Linux 2020.x, NMAP, Burp / OWASP ZAP, Metasploit Framework (MSF).
Victim side: OWASP Resources i.e. Damn Vulnerable Web Application (DVWA), Tomcat, as virtual machines.

• Penetration testing overview
• Various types of web apps footprinting, footprinting tools, and countermeasures
• Ethical hacking methodology
• Web attacks: XSS, SQL Injection, Facebook phishing.
• NoSQL injection, API vulnerabilities, LFI, Brute-Force attacks, CSRF.

Gabriel Avramescu

I work as a penetration tester with over 8 years of experience and as a trainer with over 14 years (5 in the security field). Certifications: OSWE, OSWP, OSCP, CEH, ECSA, CHFI, ISO 27001, CREST CRT, CREST CPSA, etc. Trainer on OWASP AppSec Days - August 2020 Penetration testing customers...

Tuesday July 20, 2021 12:00pm - Wednesday July 21, 2021 4:00pm EDT