AppSec IL 2020 has ended
Welcome to Virtual AppSec Israel 2020!

Training
Tuesday, October 27

09:00 IST

Define and Execute Your Product Security Strategy With OWASP SAMM 2
In this hands-on workshop, you will try out OWASP SAMM 2 yourself to better understand how it can help you define the product security strategy for your organization. We will focus on understanding the model, carrying out an assessment and using the gathered data to define a security roadmap.

Agenda (3 hours):

1. Introduction
Motivation for a maturity model
Overview of SAMM
SAMM and other models

2. Performing an Assessment:
Supporting tools
Scope definition
Explanation of the business functions
Hands-on assessment

3. Creating a Roadmap
Economic considerations
Working with stakeholders
Measuring and reporting

4. Success Tips
Leveraging other SAMM resources and OWASP projects
SAMM Benchmarking
Interacting with the SAMM community

Internet browser
MS Excel if possible

Daniel Kefer

IT Security, 1&1
Daniel has been working in the application security field for thirteen years. Having started as a penetration tester, he soon bought into the mission of making security a business enabler by guiding product teams through security challenges during the whole lifecycle. He currently...

Tuesday October 27, 2020 09:00 - 12:00 IST
Track A

13:00 IST

Intro to Hacking Web Applications
The vast majority of cyber attacks against a web application are relatively easy to defend against, yet most applications remain vulnerable. In fact, many developers aren’t even aware of how simple these attacks are to execute.

Spoiler alert: it’s really, really easy.

During this day-long workshop we’ll learn to use a variety of tools (including OWASP ZAP) to hack a vulnerable web application written in Node.js, Express and Angular. We’ll cover a variety of approaches attackers use to exploit web applications: everything from XSS and SQL injection to lots of other hacking tricks.
Be prepared to learn, laugh and cry as we explore security flaws common to most web applications. You’ll leave this workshop with hands-on experience in penetration testing methodology, a deep understanding of the current OWASP best practices, and a broad appreciation for application security.

If you can’t protect your web applications from hackers, who will?

Agenda (3 hours):
  • 0:00 Intro & Broad discussion of Web App technologies (HTML, CSS, JS)
  • 0:15 Tour of Browser DevTools
  • 0:30 Use DevTools to find the easter eggs in OWASP Cyber Scavenger Hunt
  • 0:45 Browser extensions to help us enumerate Web App technologies
  • 1:00 Introduction of OWASP Juice Shop
  • 1:15 Using DevTools to find the Juice Shop “scoreboard”
  • 1:30 Solving some Juice Shop challenges
  • 2:00 Introduction of OWASP ZAP
  • 2:00 Enumerating the Juice Shop application with ZAP
  • 2:30 Advanced ZAP features
  • 3:00 End

Instance of OWASP Juice Shop (locally or via Heroku)
Install Firefox or Chrome
Permissions to Install Browser extensions

Arthur Kay

Principal Software Engineer, Cox Automotive
With nearly 20 years of engineering, operations and cybersecurity experience, Arthur Kay offers an extraordinary set of leadership skills and technical expertise to develop meaningful products and high-performing teams. Arthur is a successful entrepreneur, technology professional...

Tuesday October 27, 2020 13:00 - 16:00 IST
Track A