AppSec Europe 2016 has ended


Lightning Training
Thursday, June 30
 

10:20

Lightning Training - Using the OWASP HackAdemic Challenges Project
Participants will learn about installation, basic usage, writing challenges, and using the project in a class environment.

Speakers
Konstantinos Papapanagiotou, Spyros Gasteratos

Information Security Services Team Lead, OTE
Both trainers are Hackademic project leaders, long-time OWASP members and application security professionals.


Thursday June 30, 2016 10:20 - 12:00
Caravaggio 8

14:10

Lightning Training - Building a Software Security Program
This training will focus on basic steps development teams can take to build a software security program. It uses sample case scenarios, drawn from experience, of what works and what does not.

Speakers
Kuai Hinojosa

I am the President for the Minneapolis - St Paul OWASP Chapter in Minnesota. I have led this chapter for two years (2008 - 2010). Meanwhile, I have become a faithful OWASP missionary. I am now a board member for NYC/NJ Chapter where I lead local OWASP Education efforts and I am also...


Thursday June 30, 2016 14:10 - 15:40
Caravaggio 8

16:15

Lightning Training - How to Use OWASP Security Logging
This presentation will provide an overview of the OWASP Security Logging project, a standard Log4j compatible Java API to log security related events. The presenters will discuss the case for logging security events, what types of events to log, how to use the API in your code, and provide examples of API features:

* Overview of the security logging API features/benefits
* Overview of SLF4J logger features from security perspective
* Security logging with log4j, log4j2, logback, and JDK logging
* "Hello World" with security logging
* Logging console application properties
* Logging servlet application properties with correlated data like User ID
* Filtering passwords from logs
* Customize filtering for removing SSN/credit cards from logs
* Adding interval logging to your project
* Customize interval logging
* Adding information classification (e.g., CLASSIFIED messages) to projects

Speakers
August Detlefsen

Senior Application Security Consultant, CodeMagi, Inc.
August Detlefsen (California) is a Senior Security Consultant who has presented at JavaOne (2008, 2012) as well as AppSec USA (2014, 2015) and is the co‐author of Iron‐Clad Java: Building Secure Web Applications. August also teaches customized secure coding classes for large...

Sytze van Koningsveld

Sytze van Koningsveld (Netherlands) is Senior Java Developer at KLM Royal Dutch Airlines, and OWASP He is especially interested in open source projects and specialized in defensive security measures.

Milton Smith

Sr. Principal Security Analyst, Oracle
Milton Smith (California) is an application security principal at Oracle working strategically to improve application security. Milton is also a project leader for both the OWASP Security Logging Project and the DeepViolet for SSL/TLS scanner project. Prior to Oracle, Milton...


Thursday June 30, 2016 16:15 - 17:45
Caravaggio 8
 
Friday, July 1
 

10:20

Lightning Training - Security Automation using ZAP
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications.

ZAP provides a rich set of APIs that let you interact with ZAP programmatically.

This lightning flash training will provide a kick start for automating ZAP and will cover the following topics:

- Quick run through of ZAP GUI
- Understanding what can be automated
- How to integrate ZAP with automation scripts
- Example scripts/Hands-on
- Some delicate considerations

Speakers
Vaibhav Gupta

Security Researcher, Adobe
Vaibhav Gupta is a security researcher with Adobe Systems. His interest and work fall under handling proactive and reactive application security assignments. He has diverse exposure to the InfoSec industry, primarily in security automation, security reviews, pen-tests and exploitation...


Friday July 1, 2016 10:20 - 12:00
Caravaggio 8

14:10

Lightning Training - Getting started with AWS Security
Due to the increasing adoption of Amazon Web Services (AWS) as a cloud service provider, security is of paramount importance. In this training, we will demonstrate the impact of misconfigured AWS infrastructure (pivoting from a vulnerable demo application) that will lead to multiple security-impacting scenarios. We will then walk through a series of actionable defense-in-depth steps that attendees will be able to apply in real-life deployments.

Speakers
Mukul Khullar

Staff Security Engineer, LinkedIn
Mukul Khullar is a security researcher with over 9 years of industry experience, primarily focused on application security and penetration testing. At LinkedIn, Mukul holds the Staff Security Engineer title, and is responsible for identifying vulnerabilities and security design flaws...

Rohit Pitke

Rohit Pitke is a security researcher with over 9 years of experience in the application and network security fields. At LinkedIn, he works as a Senior Information Security Engineer responsible for application security and penetration testing. Prior to that, Rohit has worked at multiple...


Friday July 1, 2016 14:10 - 16:10
Caravaggio 8