Warning!

You are using an unsupported version of Internet Explorer (IE Version 8 and Earlier). Please upgrade to the latest version of IE. We also support Firefox and Chrome as alternative browsers and find users have the best experience on Chrome (any recent version).

AppSec California 2015 - Training

Step 1 of 4: Register for Event




Sign up for training and receive 50% off conference registration (you will receive an email with a discount code upon signing up for training)

 
 

Where:

Annenberg Community Beach House
415 Pacific Coast Hwy,
Santa Monica, CA 90402
United States

When:

1/26/2015 1:30 PM   -  1/28/2015 11:00 PM
Add to Calendar 26-01-2015 13:30:00 28-01-2015 23:00:00 35 AppSec California 2015 - Training Sign up for training and receive 50% off conference registration (you will receive an email with a discount code upon signing up for training) Annenberg Community Beach House Santa Monica CA OWASP Foundation false DD/MM/YYYY

 
 
Contact Information






Address Information









Registration Types
Select Your Sessions
 
  Session Name
Date & Time
Room
   Advanced Web Exploitation KungFu - Instructor - Abhishek Sahni    $ 800.00
Monday    Jan 26 @ 08:30 AM - 05:00 PM  
Description
Instructor - Abhishek Sahni
 
Advanced Web Exploitation Kung Fu is a fast paced training for penetration testers from intermediate level to a pro. It’s a complete hands on training where students will learn the skills to chain various exploits with limited impact to enhance the impact of the final attack, detect tricky vulnerabilities which they have missed in past and exploit them. After the training student will be able craft advanced payloads according to requirement in different situations and automate the exploitation by writing custom scripts.
Creating 0 day exploits and bypassing hard filters will not be a dark secret skill after the completion of this training.
   Cryptography For The Modern Developer - Instructor - Timothy Morgan    $ 800.00
Monday    Jan 26 @ 08:30 AM - 05:00 PM  
Description
Instructor - Timothy Morgan

This course is designed to provide attendees with the core concepts
required to make informed decisions about what cryptographic
primitives and APIs are safest to use in practice. Attendees will
further learn that with a proper implementation, cryptography can make
their development tasks easier, in addition to being more secure. 
 
No significant background in cryptography is required to take this one-day course. However, attendees are expected to have a 
software development background. Lab sessions will include short 
exercises which ask students to write simple programs in their chosen 
language to solve various challenges. The content will include 
approximately 50% lecture and 50% labs or other exercises to reinforce
the concepts presented. 
   Enterprise Incident Response    $ 800.00
Monday    Jan 26 @ 08:30 AM - 05:00 PM  
Description
Instructor - Russ Gideon
 
   Iron-Clad Development: Building Secure Applications, Jim Manico    $ 800.00
Monday    Jan 26 @ 08:30 AM - 05:00 PM  
Description
Instructor - Jim Manico
 
   Risk Centric Threat Modeling & Metrics in the SDL - Instructor - Tony UV    $ 800.00
Monday    Jan 26 @ 08:30 AM - 05:00 PM  
Description
Instructor - Tony UV

This training will walk through the 7 stages of the Process for Attack Simulation and Threat Analysis (PASTA), a risk centric approach to threat modeling that can be paralleled to SDL activities. RACI models, inputs/outputs for each stage will be illustrated via the training as will key metrics on measuring success and maturity (via OpenSAMM) of a threat modeling initiative for any given application type/architecture.

Training will focus on teaching a risk centric approach to threat modeling aim at defining inherent risk for an app, component enumeration, app decomposition, that analysis, vuln/weakness enumeration, attack modeling and countermeasure development.
Tony is the author of the PASTA methodology and has provided this proven threat modeling methodology to applications of various types and deployment models. Leveraging his background in software development, SecOps, Risk Management, and Security Architecture, Tony has unified key lessons learned in AppSec to develop one of the few risk centric models in threat modeling.
   Safely Riding the Rails, Ken Johnson    $ 800.00
Monday    Jan 26 @ 08:30 AM - 05:00 PM  
Description
Instructor - Kenny Johnson
 
   OWASP Top 10 – Exploitation and Effective Safeguards - Instructor, David Caissy    $ 800.00
Monday    Jan 26 @ 08:30 AM - 06:00 PM  
Description
Instructor - David Caissy

The OWASP Top 10 web application vulnerabilities list has done a great job promoting awareness on the subject. Along with many cheat sheets, they provide valuable tools and techniques to web developers. But such a great source of information could be overwhelming for the programmer who wants to learn about security. This course aims at providing all web developers deep hands-on knowledge on the subject.
 
To achieve this goal, participants will first learn the technical details about each OWASP Top 10 vulnerability. The instructor will then give demos on how attacks are performed against these vulnerabilities. This step is critical in understanding how exploitation works so they can later implement effective safeguards in their systems. Our experience is that participants who understand how systems are exploited by hackers will always remember how to protect themselves against these attacks.
 
At the end of the course, participants will have learned:
• What are the OWASP Top 10 vulnerabilities
• How hackers exploit them
• Which safeguards are effective… and which ones are not!