OWASP’s 13th Annual AppSecUSA Conference is quickly approaching, and we have a great program lined up for attendees!
The conference will kick off on October 11th with two full days dedicated to hands-on training sessions led by the industry’s leading software security experts.
Seats are still available for one- and two-day passes. To purchase your ticket and see the full lineup of training sessions, visit:
https://2016.appsecusa.org/training-schedule/
Below is a glimpse at the cutting-edge training sessions offered at this year’s event:
Training Session Highlights
Assessing and Exploiting Control Systems & IoT
This is not your traditional SCADA/ICS/IoT security course! How many courses send you home with your own PLC and a set of hardware/RF hacking tools?!? This course teaches hands-on penetration testing techniques used to test individual components of a control system, including embedded electronic field devices, network protocols, RF communications, Human Machine Interfaces (HMIs), and various forms of master servers and their ICS applications.
ERP Security: Assess, Exploit and Defend SAP Platforms
Your SAP platform contains the business crown jewels of your company. However, while leading organizations are protecting their systems from new types of SAP threats, many are still prone to SAP-specific vulnerabilities that expose their business to espionage, sabotage and financial fraud risks. This course empowers Security Managers, Internal/External Auditors and InfoSec Professionals to assess their SAP platforms for platform-specific vulnerabilities, exploit them to better understand the business risk involved, and mitigate them holistically.
Mobile Application Exploitation iOS and Android
Ever wondered how different attacking a mobile application would be from attacking a traditional web application? Gone are the days when knowledge of just SQL Injection or XSS could help you land a lucrative, high-paying InfoSec job.
This will be an introductory course on exploiting iOS and Android applications. The training will be based on exploiting Damn Vulnerable iOS app, Android-InsecureBankv2 and other vulnerable applications written by the trainers, in order to give in-depth knowledge of the different kinds of vulnerabilities in mobile applications.
Hands-on Security in DevOps (SecDevOps)
Agile and DevOps have revolutionized the way we deliver apps to customers. Software products today demand rapid everything: rapid code changes, rapid deployments and rapid delivery. In addition, you have embraced Agile development methodologies that stress iterative product development and flexibility in changing environments. There is one major problem in this entire chain, and that is Application Security. In the we45 Certified SecDevOps Professional program you will receive powerful hands-on training on how you can implement scalable and effective security for rapid-release applications.
AppSec Safari
Tired of reading about vulnerabilities or seeing screen captures of other people landing the big one? Join our AppSec Safari and go toe-to-toe with an application. Track a bug through multiple fields and feel the triumph of exploiting the flaw yourself!
The Safari will take you on a guided tour of cross-site scripting, SQL injection, privilege escalation and more. We’ll present a refresher on each vulnerability type, provide example exploits and turn you loose on a real application hosted in a local test environment. We’ll give hints as needed to maximize your chances of success. If you get ahead of the group, build your skills by chasing vulnerabilities we’ve hidden in the environment.
If you’re an application developer or security practitioner who is looking to solidify your theoretical knowledge, join our safari. Bring a laptop with an Ethernet port that is capable of running a Kali live image, or have the following tools installed: ZAP, sqlmap, MySQL client, Remote Desktop client.