Loading…
Attending this event?
The virtual training classes are 8 hour courses offered in 4-hour blocks over two days. The trainings will begin at 12:00pm Eastern Time (USA)/6:00pm Central European Time. 

OWASP Members save $50 off the cost of a training course. Email events@owasp.com for your member discount code. If you are not an OWASP Member, please consider joining here.

REGISTER HERE FOR TRAINING

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

←View All Dates
Tuesday, March 9
 

12:00pm EST

Application Security Essentials - 2021 Edition
Application Security is constantly evolving. Engineering teams use new technologies, frameworks and tools to make apps more responsive, easy-to-use and functional. At the same time attackers are constantly looking to infiltrate and find new security weaknesses in modern applications.

This program is a defense-focused training that delves deep into advanced topics of Application Security. The training expounds attacks and defenses against modern full-stack applications, right from client-side vulnerabilities to advanced server-side vulnerabilities and defenses.

Speakers
avatar for Andrew van der Stock

Andrew van der Stock

Executive Director, OWASP Foundation
Andrew van der Stock is a long time security researcher and the current Executive Director of the OWASP Foundation, co-lead of the OWASP Top 10 and OWASP Application Security Verification Standard, and is formerly an OWASP Global Board member. Andrew has trained or spoken at many... Read More →


Tuesday March 9, 2021 12:00pm - Wednesday March 10, 2021 4:00pm EST
Zoom

12:00pm EST

Hacking Android and IoT apps by Example
This course is the culmination of years of experience gained via practical penetration testing of mobile applications as well as countless hours spent in research. We have structured this course around the OWASP Mobile Security Testing Guide (MSTG) and relevant items of the OWASP Mobile Application Security Verification Standard (MASVS), so this course covers and goes beyond the OWASP Mobile Top Ten. This course provides participants with actionable skills that can be applied immediately from day 1.

Please note our courses are 100% hands-on, we do not lecture students with boring bullet points and theories, instead we give you practical challenges and help you solve them, teaching you how to troubleshoot common issues and get the most out of this training. As we try to keep both new and advanced students happy, the course is very comprehensive and we have not met any student able to complete all challenges during the class, therefore training continues after the course through our frequently updated training portal, for which you keep lifetime access, as well as unlimited email support.

Each day starts with a brief introduction to the mobile platform for that day and then continues with a look at static analysis, moves on to dynamic checks finishing off with a nice CTF session to test the skills gained.

Day 1: Focused specifically on Android: We start with understanding applications and then deep dive into static and dynamic analysis of the applications at hand. This day is packed with hands-on exercises and CTF-style challenges.

Speakers

Tuesday March 9, 2021 12:00pm - Wednesday March 10, 2021 4:00pm EST
Zoom

12:00pm EST

Hacking Modern Web apps: Master the Future of Attack Vectors
This course is the culmination of years of experience gained via practical penetration testing of Modern Web applications as well as countless hours spent doing research. We have structured this course around the OWASP Security Testing Guide, it covers the OWASP Top Ten and specific attack vectors against Modern Web apps. This course provides participants with actionable skills that can be applied immediately from day 1.

Please note our courses are 100% hands-on, we do not lecture students with boring bullet points and theories, instead we give you practical challenges and help you solve them, teaching you how to troubleshoot common issues and get the most out of this training. Training then continues after the course through our frequently updated training portal, for which you keep lifetime access, as well as unlimited email support.

Each section starts with a brief introduction to the Modern platform (i.e. Node.js) for that section and then continues with a look at static analysis, moves on to dynamic checks finishing off with a nice CTF session to test the skills gained.

Section 1: Focused specifically on Hacking Modern Web Apps: We start with understanding Modern Web Apps and then deep dive into static and dynamic analysis of the applications at hand. This section is packed with hands-on exercises and CTF-style challenges.

Speakers
avatar for Anirudh Anand

Anirudh Anand

Security Trainer, 7ASecurity
Anirudh Anand is a security researcher with a primary focus on Web and Mobile Application Security. He is currently working as a Senior Security Engineer at CRED and also Security Trainer at 7asecurity. He has been submitting bugs and contributing to security tools for over 7 yea... Read More →


Tuesday March 9, 2021 12:00pm - Wednesday March 10, 2021 4:00pm EST
Zoom

12:00pm EST

Secure your SDLC using OWASP SAMM - ASAP!
Building security into the software development and management functions of a company can be a daunting task. There are many variables in the equation: company structure, different stakeholders, technology stacks, tools and processes, and competing priorities. Implementing software assurance can have a significant, positive impact on the organization. Yet, trying to achieve this without a good framework is likely to produce only marginal and unsustainable improvements. The OWASP Software Assurance Maturity Model provides a structural and measurable framework to overcome this challenge. It enables you to formulate and implement a strategy for software security that is tailored to the risk profile of your organization.

This 8-hour training - delivered as a mix of presentation, discussion, and interactive workshop - is intended for CSOs, directors, security architects, security analysts, and other application security professionals with responsibility for improving your organization's security posture. You will leave with an in-depth understanding of OWASP SAMM, pragmatic steps and tools for increased agility and compliance, and a template to kickstart your Application Security Assurance Program. Protect the confidentiality, integrity and availability of your data by implementing an application security assurance program in your organization - ASAP!

Speakers
avatar for John Ellingsworth

John Ellingsworth

Security Principal, Ellingsworth
John Ellingsworth is a security principal at a global company where he helps software development teams build and deliver secure enterprise solutions. When not collaborating on secure software solutions, he can often be found outdoors with his family - and probably scaling mountains... Read More →


Tuesday March 9, 2021 12:00pm - Wednesday March 10, 2021 4:00pm EST
Zoom

12:00pm EST

Securing Microservices with OAuth 2.0 and OpenID Connect (Hands-On Workshop)
OAuth 2.0 and OpenID Connect (OIDC) are the most commonly used solutions for stateless, token-based authentication in distributed microservice architectures as of today.

But have you ever asked yourself how OAuth 2.0 really works and how it differs from OpenID Connect? Then this workshop is a good opportunity to get to know how it works by making your hands dirty in code using Spring Security.

After an introduction to the basic concepts of OAuth 2.0 and OpenID Connect, we will use a boot-based Spring sample application to gradually implement authentication and authorization using these standards.

Learning Objectives:
- Differences between OAuth 2.0 and OpenID Connect (OIDC)
- What is an Authorization Grant and when do I use which grant
- The detailed procedure of the Authorization Code Grant protocol flow
- Implementation of an OAuth 2.0/OIDC compliant Resource Server
- Differences between JWT and reference tokens
- Authorization by means of claims in JWT
- Implementation of an OAuth 2.0/OIDC compliant client
- The correct validation of tokens
- Automated testing with OAuth 2.0 and OpenID Connect
- Current best practices for OAuth 2.0 and OIDC, especially for Single Page Applications
- The workshop contents are aligned with the proposed updates of OAuth 2.1

Speakers
avatar for Andreas Falk

Andreas Falk

Managing Consultant, Novatec Consulting
Andreas Falk works for Novatec Consulting located in Stuttgart/Germany. For more than 20 years, he has been involved in various projects as an architect, coach, and developer. His focus is on the agile development of cloud-native Java applications. As a member of OWASP and the OpenID... Read More →


Tuesday March 9, 2021 12:00pm - Wednesday March 10, 2021 4:00pm EST
Zoom

12:00pm EST

Security for Web Developers - an Offensive Approach
Overview of Web Penetration Testing Modules
- OWASP Top Ten Web Vulnerabilities
- API Top Ten vulnerabilities
- Technical measures and best practices u HTTP Security Headers
- JSON Web Tokens

The methodology of the course covers more than 75% practical hands-on approach. They will get hands-on knowledge to perform the hacking tasks in ethical ways to improve the security of assets by using various hacking tools. Attack side: Kali Linux 2020.x, NMAP, Burp / OWASP ZAP, Metasploit Framework (MSF). Victim side: OWASP Resources i.e. Damn Vulnerable Web Application (DVWA), Tomcat, as virtual machines.

Modules:
• Penetration testing overview
• Various types of web apps footprinting, footprinting tools, and countermeasures
• Ethical hacking methodology
• Web attacks: XSS, SQL Injection, Facebook phishing.
• NoSQL injection, API vulnerabilities, LFI, Brute-Force attacks, CSRF.

Speakers
avatar for Gabriel Avramescu

Gabriel Avramescu

ituniversity.ro
I work as a penetration tester with over 8 years of experience and as a trainer with over 14 years (5 in the security field). Certifications: OSWE, OSWP,OSCP, CEH, ECSA, CHFI, ISO 27001, CREST CRT, CREST CPSA, etc. Trainer on OWASP AppSec Days - August 2020 Penetration testing customers... Read More →


Tuesday March 9, 2021 12:00pm - Wednesday March 10, 2021 4:00pm EST
Zoom

12:00pm EST

Threat Modeling: From None to Done
This session offers participants an interactive introduction to Threat Modeling, based on the instructor's learning and experience over the past several years. A primary focus of this course is the introduction of threat modeling activities into your organization's software development processes, to improve the overall quality and security of the applications you build.

As a recent "convert" to the application security world, your instructor has developed his "expertise" in threat modeling by gathering information from a variety of sources. He's combined those learnings with his own experience to create a practical threat modeing approach he has successfully applied within his professional roles.

In addition to addressing key questions around the "Five Ws," the presentation will cover the "Four Questions" approach to developing a model, and include several interactive exercises to provide direct experience. A brief review of available modeing tools will also be included, along with a discussion of the opportunities and challenges for introducing Threat Modelng into your SDLC.

Speakers
avatar for John DiLeo

John DiLeo

Datacom New Zealand
Dr. John DiLeo is the Auckland-area leader of the OWASP New Zealand Chapter. In his current role, he leads a consulting team that helps enterprises develop and mature their software assurance programs, with emphasis on governance, threat modeling and risk-based requirements, secure... Read More →


Tuesday March 9, 2021 12:00pm - Wednesday March 10, 2021 4:00pm EST
Zoom