OWASP EU Summit 2008 Training (Courses to be Approved)

From OWASP
Revision as of 18:37, 7 October 2008 by Bradcausey (Talk | contribs)

Jump to: navigation, search

Upon detail completion and board approval courses will be moved towards the main agenda.


Contents

Source Code Review

Instructor

Eoin Keary and Daniel Cuthbert (TBC)

Duration

0.5 day

Summary

An introduction to secure code review from an OWASP standpoint. Covering how to approach the review, tips and leading practice on how to get the best from a source code review. A look at the OWASP tools that support the code review guide.

Audience Anyone that would like to learn more about secure code review.

Table of Contents

TBD Course Specifics

TBD

Advanced Phishing and Social Engineering Training

Instructor

Joshua Perrymon

Duration

1 day

Summary

Please enter the text here.

Audience

Please enter the text here.

Table of Contents

This class is designed to illustrate hands-on methods used in the real world attacking the human layer. This includes a focus on spear-phishing using the newly introduced OWASP phishing framework (LUNKER). Attendees will identify target emails using a variety of methods, identify potential phish sites, create a spoofed email and send the attack all in a locally ran test environment in Vmware or LiveCD.

Upon completion of this course, attendees will have an in-depth understanding of the latest techniques used to perform these type of attacks. The class will also include additional social engineering attack methods such as impersonation, authority attacks, pre-text attacks, and much more. Advanced topics such as Email Payloads and 2nd Factor token MITM attacks will be covered as well.

1. Introduction to Social Engineering

2. Understanding the Human Aspect of Security

3. Review of aggressively vertical hacking methodology

4. Analysis of attack trending over the years (Up the OSI Model)

5. Review of public Social Engineering Attacks in the media

6. Hands on: Spear Phishing Demo using the Lunker Framework

    a. Understanding the Social Engineering Scope of work
    b. Setup Client Info
    c. Gather Email addresses/targets
    d. Identify potential phishing sites
    e. Creation of spoofed emails
        i. Custom footers
        ii. Attack Scenarios
        iii. Email header options

f. Test Environment: Review the spoofed email and phishing site

g. Send attack

h. Monitor: Discuss steps to take at this point once the users send in credentials.

i. Advanced Phishing Attacks: Recon, XSS/CSRF/Browser Exploit/Trojan payloads

j. MITM Attacks on 2-factor Authentication

k. Summary


Course Specifics

Please enter the text here. (i.e. bring your own laptop)

OWASP ESAPI

Instructor

Jeff Williams, Aspect Security

Duration

1 day.

Summary

Please enter the text here.

Audience

Please enter the text here.

Table of Contents

Please enter the text here.

Course Specifics

Please enter the text here. (i.e. bring your own laptop)

Web Services and SOA Security

Instructor

Dave Wichers, Aspect Security

Duration

2 days

Summary

Please enter the text here.

Audience

Please enter the text here.

Table of Contents

Please enter the text here.

Course Specifics

Please enter the text here. (i.e. bring your own laptop)

Advanced Web Application Security Testing

Instructor

Michael Coates, Aspect Security

Duration

2 days

Summary

Please enter the text here.

Audience

Please enter the text here.

Table of Contents

Please enter the text here.

Course Specifics

Please enter the text here. (i.e. bring your own laptop)


Testing Guide Training

Instructor

Matteo Meucci, Giorgio Fedon - Minded Security.

Duration

4h.

Summary

This course will discuss the new OWASP Testing Guide v3 methodology and the most relevant tests of the 66 total controls of the Guide. You can learn how to test a web application and how to write a report.

Audience

Software developers, security consultants, auditors.

Table of Contents

The course will discuss the methology and will analize the 9 sub-categories of the Testing Guide:

  • Configuration Management Testing
  • Business Logic Testing
  • Authentication Testing
  • Authorization testing
  • Session Management Testing
  • Data Validation Testing
  • Denial of Service Testing
  • Web Services Testing
  • Ajax Testing

Course Specifics

Bring your own laptop.

AJAX Security

Instructor

Brad Causey

Duration

1 Day

Summary

This course will provide an introductory to AJAX, its inherent security issues, how to detect them, and how to resolve them.

Audience

Web Application Security Professionals

Table of Contents

-Introduction to AJAX -Security Issues with architecture -Toolkits -Toolkit Security Concerns -Bridges and Issues -Attacking AJAX -Defending AJAX -Securing the Code -Best Practices -Other Issues and Concerns -Q and A


Course Specifics

Please bring your own laptop with your choice of web proxy and browser installed if you wish to participate. Participation is optional.

Course Name {template}

Instructor

Please enter the text here.

Duration

Please enter the text here.

Summary

Please enter the text here.

Audience

Please enter the text here.

Table of Contents

Please enter the text here.

Course Specifics

Please enter the text here. (i.e. bring your own laptop)