EUTour2013 Training

From OWASP
Revision as of 15:06, 3 June 2013 by Gfedon (Talk | contribs)

Jump to: navigation, search
Eu tour1.png

OWASP EUROPE TOUR 2013

Tour Home Page
Tour Scheadule
Tour Organizers Resources
Mailing List

OWASP EU TOUR 2013
== TRAINING SESSIONS ==
SPAIN - Barcelona
Date Location
Jueves, 13 de junio de 2013

09:00h - 18:00h
Universitat Ramon Llull, La Salle - URL
Sant Joan de La Salle, 42
E-08022 Barcelona, Spain
Aula: MFS.03

Google maps

Cerullof.jpg
Fabio Cerullo
Taller: Desarrollo Seguro usando OWASP ESAPI

Este curso tiene como objetivo proporcionar los conocimientos y recursos necesarios para mejorar la seguridad de las aplicaciones Java utilizando las librerias OWASP Enterprise Security API (ESAPI). Estas librerias se han diseñado para que sea más fácil para los desarrolladores mejorar la seguridad en aplicaciones existentes, como asi tambien utilizarlas como base para el desarrollo de nuevas aplicaciones. Los principios generales aprendidos en el curso se puede aplicar en el contexto de otros lenguajes de programación.

Perfil del instructor

Fabio Cerullo, CEO y fundador de Cycubix, ayuda a clientes de todo el mundo a mejorar la seguridad de aplicaciones desarrolladas internamente o por terceros, mediante la definición de políticas y normas, implementando iniciativas de desarrollo seguro y gestión de riesgos, así como brindando capacitación sobre el tema a desarrolladores, auditores, ejecutivos y profesionales.
Como miembro de la Fundación OWASP, Fabio se encarga de coordinar actividades globales de concientizacion sobre seguridad de aplicaciones con empresas privadas, gobiernos e instituciones educativas.

Duracion: 8 horas (09:00h - 18:00h)

Precio: 250€ No miembros / 200€ Miembros OWASP. Existen tambien descuentos para grupos y miembros de ATI.

Regístrese a este taller: HAGA CLIC AQUI!

Date Location
Jueves, 13 de junio de 2013

14:00h - 18:00h
Universitat Ramon Llull, La Salle - URL
Sant Joan de La Salle, 42
E-08022 Barcelona, Spain
Aula: MFS.04

Google maps

Simonroses.png
Simón Roses
Taller: OSINT + Python = Custom Hacking Workshop

Taller práctico que combina el arte de OSINT (Open Source Inteligence) mediante el desarrollo de scripts en Python utilizando diversas API y librerías disponibles. A lo largo del taller se realizarán ejercicios prácticos con el objetivo de asimilar los conceptos por parte del alumno.

Para entrar en materia se recomienda la lectura del siguiente artículo:
http://www.simonroses.com/es/2013/05/osint-python-hacking-a-medida/.

Perfil del instructor

Simón Roses eslicenciado en Informática por Suffolk University (Boston), Postgrado en E-Commerce, Harvard University (Boston) y Executive MBA, Instituto de Empresa (Madrid).

En la actualidad es el CEO de VULNEX. Anteriormente formó parte de Microsoft, PriceWaterhouseCoopers y @Stake.

Creador y colaborador en varios proyectos de código abierto de seguridad como OWASP Pantera y LibExploit, además de publicar avisos en seguridad de conocidos productos.

Ponente habitual en eventos del sector de seguridad incluyendo BlackHat, RSA, OWASP, DeepSec, Source y Technets de seguridad de Microsoft.

CISSP, CEH y CSSLP.

Duracion: 4 horas (14:00h - 18:00h)

Precio: 125€ No miembros / 100€ Miembros OWASP. Existen tambien descuentos para grupos y miembros de ATI.

Regístrese a este taller: HAGA CLIC AQUI!.

Date Location
Jueves, 13 de junio de 2013

09:00h - 13:00h
Universitat Ramon Llull, La Salle - URL
Sant Joan de La Salle, 42
E-08022 Barcelona, Spain
Aula: MFS.04

Google maps

Matiaskatz.png
Matias Katz
Taller: OWASP Top 5

Esta formación incorporará las técnicas de ataque a plataformas Web más importantes en la actualidad, estandarizadas mediante la norma OWASP Top 5. El curso presentará al alumno la forma de realizar estos ataques, y las contramedidas necesarias para mitigar su riesgo en sus desarrollos. La clase contará con contenido teórico y demostraciones prácticas e interactivas de laboratorio. Esta formación está orientada a desarrolladores, administradores de bases de datos, analistas de sistemas, auditores de seguridad, jefes de proyecto, así como cualquier otro interesado en las principales técnicas de ataque y defensa en aplicaciones Web.

Perfil del instructor

Matias Katz is an IT architect and a security specialist. He's CISSP, CEH and MCSE certified, and has 10 years of experience in the field, focusing in the implementation of security audits, in infrastructures and critic applications for big organizations, both private and public.

After working at IBM for several years, in 2008 Matias founded Mkit Argentina (link: http://www.mkit.com.ar), a company that specializes in performing security audits, vulnerability analysis and penetration tests to organizations, companies and the public sector. The company also gives training of a high technical level for companies, organizations and end-users.

Matias also works as an external consultant for the computer crimes division of the federal police department in Argentina, where he collaborates in open cases through the acquirement of digital evidence and performing active investigations for the potential suspects.

He is a professor in 3 universities in Argentina, both in engineering courses and information security post-graduate degree courses.

He has presented at some of the most important security conferences, like BlackHat, Ekoparty, H2HC, Campus Party. He has dozens of published papers, and has created many tools used daily by security professionals world-wide, for their security audits.

Duracion: 4 horas (09:00h - 13:00h)

Precio: 125€ No miembros / 100€ Miembros OWASP. Existen tambien descuentos para grupos y miembros de ATI.

Regístrese a este taller: HAGA CLIC AQUI!.


Date Location
Tuesday, June 25th, 2013

09:00h - 18:00h
TCube
32 - 34 Castle Street, Dublin 2, Ireland

Google Maps

Paco2.jpg
Paco Hope
DEFENSIVE PROGRAMMING – JAVASCRIPT AND HTML5

HTML5 is the fifth revision of the HTML standard. HTML5, and its integration with JavaScript, introduces new security risks that we need to carefully consider when writing web front-end code. Modern web-based software, including mobile web front-end applications, makes heavy use of innovative JavaScript and HTML5 browser support to deliver advanced user experiences. Front-end developers focus their efforts on creating this experience and are generally not aware of the security implications of the technologies they use.

The Defensive Programming – JavaScript/HTML5 course helps web front-end developers understand the risks involved with manipulating the HTML Document Object Model (DOM) and using the advanced features of JavaScript and HTML 5 such as cross-domain requests and local storage. The course reinforces some important security aspects of modern browser architecture and presents the student with defensive programming techniques that can be immediately applied to prevent common vulnerabilities from being introduced. Additionally, the course provides a detailed description of typical JavaScript sources and sinks and explains how they can be used to detect problems in code.

Prerequisites: Students should be familiar with Web programming environments and technologies including JavaScript and HTML. Completion of the Foundations of Software Security, Attack and Defense, or OWASP Top Ten + 2 courses is highly recommended.

Instructor Profile

Mr. Hope is a Principal Consultant for Cigital with over 12 years experience in the securing of software and systems. He sets the technical direction in Europe and leads consultants delivering static source code analysis, architectural risk assessments, vulnerability assessments, and penetration tests.

His experience covers web applications, online gaming (gambling), embedded gaming devices, lotteries, and business-to-business transaction systems. He has assessed systems for small startups with thousands of lines of code, and massive enterprises with thousands of applications and millions of lines of code.

He is a frequent conference speaker at such venues as OWASP, RSA (US and Europe), Security B-Sides, and SecAppDev. He speaks on issues like integrating security into the software development lifecycle (SDLC), securing web applications, and secure random number generation.

Paco is also involved in the leadership of the London Chapter of (ISC)2. He also serves on (ISC)2's Application Security Advisory Board, helping to advise on the direction of the Certified Secure Software Lifecycle Professional (CSSLP) certification. He has held the CISSP for nearly 10 years and the CSSLP since shortly after its creation.

Mr. Hope has co-authored two books on software security: the Web Security Testing Cookbook and Mastering FreeBSD and OpenBSD Security. He has also authored a chapter of Gary McGraw's Building Security In.

Duration: 8 hours (09:00h - 18:00h)

Price: 350€ Non members / 300€ OWASP members.

Registration link: [Link].

Date Location
Friday 28th June

09:00h - 13:00h
Università Degli Studi Roma Tre
Giorgio fedon.jpg
Giorgio Fedon
Title: Mobile Application Security and Security Development Introduction

Students will learn mobile hacking techniques and remediation strategies for Android and iPhone operating systems. They will understand platform security models, mobile application secure design, mobile application security errors, mobile application vulnerabilities related to in-house development. Exploiting techniques for operating system components are explained in the extent they may impact on a company SSDLC process for their mobile applications.

Instructor Profile Giorgio Fedon is the COO and a cofounder of Minded Security, where he is responsible for running daily operations of the company and managing Professional Services.

Prior to founding Minded Security, Giorgio was employed as senior security consultant and penetration tester at Emaze Networks S.p.a., delivered code auditing, Forensic and Log analysis, Malware Analysis and complex Penetration Testing services to some of the most important Companies as Banks and Public Agencies in Italy. He participated as speaker in many national and international events talking mainly about web security and malware obfuscation techniques. He was also employed at IBM System & Technology Group in Dublin (Ireland).

Language: English and Italian

Duration: 4 horas (09:00h - 13:00h)

Price: The prices are: 125 Euro for non members / 100 Euro for members.

Registration Link: Register Here.