Loading…
Attending this event?
The virtual training classes are 8 hour courses offered in 4-hour blocks over two days. The trainings will begin at 12:00pm Eastern Time (USA)/6:00pm Central European Time. 

OWASP Members save $50 off the cost of a training course. Email events@owasp.com for your member discount code. If you are not an OWASP Member, please consider joining here.

REGISTER HERE FOR TRAINING

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Tuesday, May 25
 

12:00pm EDT

Deep Dive into Fuzzing

Attendees would be emulating techniques which would provide a comprehensive understanding of "Crash, Detect & Triage" of fuzzed binaries or software. In "Deep dive into fuzzing" we will be covering a detailed overview of fuzzing and how it can be beneficial to professionals in uncovering security vulnerabilities with a hands-on approach through focus on labs.

Speakers
avatar for Zubin  Devnani

Zubin Devnani

Security Researcher
Zubin Devnani is a red teamer by trade, who has identified multiple vulnerabilities in commonly used software. He is a trainer at Blackhat and has delivered multiple workshops, including PHDays and Hacktivity. Utilizes his fuzzing skills in his day to day trade to identify new ways... Read More →
avatar for Dhiraj Mishra

Dhiraj Mishra

Security Researcher
An active speaker who has discovered multiple zero-days in modern web browsers and an open-source contributor. He is a trainer at Blackhat and presented in conferences such as Ekoparty, Hacktivity, PHDays & HITB. In his free time, he blogs at www.inputzero.io and tweets on @RandomDhiraj... Read More →


Tuesday May 25, 2021 12:00pm - Wednesday May 26, 2021 4:00pm EDT
Zoom

12:00pm EDT

DevSecOps Hands-on: Putting Security Checks into Your Build Pipeline
This hands-on workshop gives insight into automation capabilities of security scans, which perfectly fit into many build pipelines. Taking into account frontends (Web) as well as backends (APIs), you will learn what steps of a security analysis can be best automated – and how. By focussing on OpenSource solutions (OWASP ZAP), you will get a tool arsenal with different automation options ready to test your application’s security on every build. During this workshop we will enhance a typical Jenkins-based CI/CD pipeline (every attendee will get an individual Jenkins server in the cloud ready to use with multiple levels of tool integrations) with a specially prepared vulnerable training application step by step into a full-fledged awesome DevSecOps AppSecPipeline.

Speakers
avatar for Christian Schneider

Christian Schneider

Whitehat Hacker, Christian Schneider
Christian has pursued a successful career as a freelance Java software developer since 1997 and expanded it in 2005 to include the focus on IT security. His major areas of work are penetration testing, security architecture consulting, and threat modeling. As a trainer, Christian... Read More →


Tuesday May 25, 2021 12:00pm - Wednesday May 26, 2021 4:00pm EDT
Zoom

12:00pm EDT

Hacking iOS and IoT apps by Example
This course is the culmination of years of experience gained via practical penetration testing of mobile applications as well as countless hours spent in research. We have structured this course around the OWASP Mobile Security Testing Guide (MSTG) and relevant items of the OWASP Mobile Application Security Verification Standard (MASVS), so this course covers and goes beyond the OWASP Mobile Top Ten. This course provides participants with actionable skills that can be applied immediately from day 1.

Please note our courses are 100% hands-on, we do not lecture students with boring bullet points and theories, instead we give you practical challenges and help you solve them, teaching you how to troubleshoot common issues and get the most out of this training. As we try to keep both new and advanced students happy, the course is very comprehensive and we have not met any student able to complete all challenges during the class, therefore training continues after the course through our frequently updated training portal, for which you keep lifetime access, as well as unlimited email support.

Each day starts with a brief introduction to the mobile platform for that day and then continues with a look at static analysis, moves on to dynamic checks finishing off with a nice CTF session to test the skills gained.

Day 1: Focused on iOS: We start with understanding iOS Architecture and various security precautions in place. We then focus on static and dynamic analysis of the applications at hand. The day is filled with hands-on exercises ending with a CTF for more practical fun.

Speakers
avatar for Abraham Aranguren

Abraham Aranguren

7ASecurity
After 13 years in ITsec and 20 in IT Abraham is now the CEO of 7ASecurity (7asecurity.com), a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other even... Read More →


Tuesday May 25, 2021 12:00pm - Wednesday May 26, 2021 4:00pm EDT
Zoom

12:00pm EDT

Hacking Modern Web apps: Master the Future of Attack Vectors
This course is the culmination of years of experience gained via practical penetration testing of Modern Web applications as well as countless hours spent doing research. We have structured this course around the OWASP Security Testing Guide, it covers the OWASP Top Ten and specific attack vectors against Modern Web apps. This course provides participants with actionable skills that can be applied immediately from day 1.

Please note our courses are 100% hands-on, we do not lecture students with boring bullet points and theories, instead we give you practical challenges and help you solve them, teaching you how to troubleshoot common issues and get the most out of this training. Training then continues after the course through our frequently updated training portal, for which you keep lifetime access, as well as unlimited email support.

Each section starts with a brief introduction to the Modern platform (i.e. Node.js) for that section and then continues with a look at static analysis, moves on to dynamic checks finishing off with a nice CTF session to test the skills gained.

Section 1: Focused specifically on Hacking Modern Web Apps: We start with understanding Modern Web Apps and then deep dive into static and dynamic analysis of the applications at hand. This section is packed with hands-on exercises and CTF-style challenges.

Speakers
AA

Anirudh Anand

Security Trainer, 7ASecurity
Anirudh Anand is a security researcher with a primary focus on Web and Mobile Application Security. He is currently working as a Senior Security Engineer at CRED and also Security Trainer at 7asecurity. He has been submitting bugs and contributing to security tools for over 7 yea... Read More →


Tuesday May 25, 2021 12:00pm - Wednesday May 26, 2021 4:00pm EDT
Zoom

12:00pm EDT

Kubernetes Security Masterclass - Discoverer Edition
Kubernetes has emerged as the leading container orchestration and management platform for on-prem and cloud environments. However, Kubernetes is a multi-headed beast with several minute and nuanced security configuration parameters. In addition, attackers take advantage of these insecurely configured and designed Kubernetes deployments and perform deep-incursions into the organization’s assets. This training is a hard-core hands-on view of Kubernetes Security from an Attack and Defense perspective. The course takes the participants through a journey where they start with setting up a Kubernetes cluster (simulating an on-prem Kubernetes) deployment, attack the cluster and learn, through multiple deep-dive examples and cookbooks on how they can effectively secure Kubernetes clusters. The course is aimed at providing a view of attacking, auditing and defending Kubernetes clusters on-prem or on the cloud

Speakers
avatar for Nithin Jois

Nithin Jois

Senior Security Solutions Engineer, we45
Nithin Jois dons two hats - Apart from being one of the lead trainers at AppSecEngineer, he is also a Senior Solutions Architect at We45 where he has helped build multiple solutions ranging from Vulnerability management to scalable scanner orchestrating systems that leveraged container... Read More →


Tuesday May 25, 2021 12:00pm - Wednesday May 26, 2021 4:00pm EDT
Zoom
 
Tuesday, June 15
 

12:00pm EDT

Cloud-Native Microservices Security Bootcamp
All developers today are also DevSecOps engineers even if they are not aware of it. In this Bootcamp, you will learn how to secure cloud-native Java microservices. First, we will look into what are the common security risks for server-side applications. Then we will directly dive into the hands-on coding parts to see how we can mitigate those security risks in our own applications. Specifically, we'll see how the security patterns are implemented with the most widely used frameworks Spring Boot (main focus) and Micronaut (partly). In the last part, you will also learn how to implement automated security tests along the testing-pyramid.


Learning Objectives:
- OWASP Top 10 (Web Application Security Risks)
- OWASP API Top 10 - Securing Spring Boot applications
- Securing Micronaut applications - Authentication and Authorization
- Basic Auth, Session Management, MTLS, WebAuthn
- OAuth 2.0 and OpenID Connect
- Configuring HTTPS connections
- Encryption and password hashing
- Security response headers
- Defense against Session Hijacking, SQL injection, XSS, and CSRF
- Securing both blocking servlet-based and non-blocking reactive web applications
- Automated security tests

Speakers
avatar for Andreas Falk

Andreas Falk

Managing Consultant, Novatec Consulting
Andreas Falk works for Novatec Consulting located in Stuttgart/Germany. For more than 20 years, he has been involved in various projects as an architect, coach, and developer. His focus is on the agile development of cloud-native Java applications. As a member of OWASP and the OpenID... Read More →


Tuesday June 15, 2021 12:00pm - Wednesday June 16, 2021 4:00pm EDT
Zoom - UTC +3

12:00pm EDT

DevSecOps Masterclass - Discoverer Edition
Managing comprehensive security for continuous delivery of applications across organizations continues to remain a serious bottleneck in the DevOps movement. The methodology involved in implementing effective security practices within delivery pipelines can be challenging. This training is designed to give a practical approach of implementing Security across Continuous Delivery Pipelines by leveraging the plethora of cloud offerings and is backed by a ton of hands-on labs, original research and real-world implementations of DevSecOps that work. The training starts with Application Security Automation for SAST, SCA and DAST, apart from Vulnerability Management and Correlation. Finally, the training concludes with leveraging Security Automation in the Cloud with detailed perspectives of implementing scalable security for cloud-native deployments. By the end of this training, attendees will have ideas and hands-on experience to successfully kickoff DevSecOps implementations.

Speakers
avatar for Nithin Jois

Nithin Jois

Senior Security Solutions Engineer, we45
Nithin Jois dons two hats - Apart from being one of the lead trainers at AppSecEngineer, he is also a Senior Solutions Architect at We45 where he has helped build multiple solutions ranging from Vulnerability management to scalable scanner orchestrating systems that leveraged container... Read More →


Tuesday June 15, 2021 12:00pm - Wednesday June 16, 2021 4:00pm EDT
Zoom - UTC +3

12:00pm EDT

Hacking Android and IoT apps by Example
This course is the culmination of years of experience gained via practical penetration testing of mobile applications as well as countless hours spent in research. We have structured this course around the OWASP Mobile Security Testing Guide (MSTG) and relevant items of the OWASP Mobile Application Security Verification Standard (MASVS), so this course covers and goes beyond the OWASP Mobile Top Ten. This course provides participants with actionable skills that can be applied immediately from day 1.

Please note our courses are 100% hands-on, we do not lecture students with boring bullet points and theories, instead we give you practical challenges and help you solve them, teaching you how to troubleshoot common issues and get the most out of this training. As we try to keep both new and advanced students happy, the course is very comprehensive and we have not met any student able to complete all challenges during the class, therefore training continues after the course through our frequently updated training portal, for which you keep lifetime access, as well as unlimited email support.

Each day starts with a brief introduction to the mobile platform for that day and then continues with a look at static analysis, moves on to dynamic checks finishing off with a nice CTF session to test the skills gained.

Day 1: Focused specifically on Android: We start with understanding applications and then deep dive into static and dynamic analysis of the applications at hand. This day is packed with hands-on exercises and CTF-style challenges.

Speakers
avatar for Abraham Aranguren

Abraham Aranguren

7ASecurity
After 13 years in ITsec and 20 in IT Abraham is now the CEO of 7ASecurity (7asecurity.com), a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other even... Read More →


Tuesday June 15, 2021 12:00pm - Wednesday June 16, 2021 4:00pm EDT
Zoom - UTC +3

12:00pm EDT

Hacking Modern Desktop apps: Master the Future of Attack Vectors
This course is the culmination of years of experience gained via practical penetration testing of Modern Desktop applications as well as countless hours spent doing research. We have structured this course around the OWASP Security Testing Guide, it covers the OWASP Top Ten and specific attack vectors against Modern Desktop apps. This course provides participants with actionable skills that can be applied immediately from day 1.

Please note our courses are 100% hands-on, we do not lecture students with boring bullet points and theories, instead we give you practical challenges and help you solve them, teaching you how to troubleshoot common issues and get the most out of this training. Training then continues after the course through our frequently updated training portal, for which you keep lifetime access, as well as unlimited email support.

Each day starts with a brief introduction to the Modern platform (i.e. Node.js, Electron) for that day and then continues with a look at static analysis, moves on to dynamic checks finishing off with a nice CTF session to test the skills gained.

Day 1: Focused on Hacking Modern Desktop Apps: We start with understanding Modern Desktop apps and various security considerations. We then focus on static and dynamic analysis of the applications at hand. The day is filled with hands-on exercises ending with a CTF for more practical fun.

Speakers
avatar for Abraham Aranguren

Abraham Aranguren

7ASecurity
After 13 years in ITsec and 20 in IT Abraham is now the CEO of 7ASecurity (7asecurity.com), a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other even... Read More →


Tuesday June 15, 2021 12:00pm - Wednesday June 16, 2021 4:00pm EDT
Zoom - UTC +3

12:00pm EDT

Secure your SDLC using OWASP SAMM - ASAP!
Building security into the software development and management functions of a company can be a daunting task. There are many variables in the equation: company structure, different stakeholders, technology stacks, tools and processes, and competing priorities. Implementing software assurance can have a significant, positive impact on the organization. Yet, trying to achieve this without a good framework is likely to produce only marginal and unsustainable improvements. The OWASP Software Assurance Maturity Model provides a structural and measurable framework to overcome this challenge. It enables you to formulate and implement a strategy for software security that is tailored to the risk profile of your organization.

This 8-hour training - delivered as a mix of presentation, discussion, and interactive workshop - is intended for CSOs, directors, security architects, security analysts, and other application security professionals with responsibility for improving your organization's security posture. You will leave with an in-depth understanding of OWASP SAMM, pragmatic steps and tools for increased agility and compliance, and a template to kickstart your Application Security Assurance Program. Protect the confidentiality, integrity and availability of your data by implementing an application security assurance program in your organization - ASAP!

Speakers
avatar for John Ellingsworth

John Ellingsworth

Security Principal, Ellingsworth
John Ellingsworth is a security principal at a global company where he helps software development teams build and deliver secure enterprise solutions. When not collaborating on secure software solutions, he can often be found outdoors with his family - and probably scaling mountains... Read More →


Tuesday June 15, 2021 12:00pm - Wednesday June 16, 2021 4:00pm EDT
Zoom - UTC +3