Export to

Google Calendar
iCalendar file
hCalendar markup
<div class="vevent h-event"> <h1 class="summary p-name">OWASP Training Day 2016</h1> <div class='date'><time class="dtstart dt-start" title="2016-11-02T08:00:00" datetime="2016-11-02T08:00:00">Wednesday, November 2, 2016 from 8am</time>–<time class="dtend dt-end" title="2016-11-02T19:30:00" datetime="2016-11-02T19:30:00">7:30pm</time></div> <div class="location vcard p-location h-card"> <a class="url" href='http://calagator.org/venues/202390005'><span class='fn org p-name'>Portland State University (PSU) - Smith Memorial Center</span></a> <div class="adr p-adr h-adr"> <div class="street-address p-street-address">1825 SW Broadway</div> <span class="locality p-locality">Portland</span> , <span class="region p-region">OR</span> <span class="postal-code p-postal-code">97201</span> <div class="country-name p-country-name">US</div> (<a href='https://maps.google.com/maps?q=1825%20SW%20Broadway,%20Portland%20OR%2097201%20US'>map</a>) </div> </div> <div class="description p-description"> <p>This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. (Similar training may cost more than 10 times as much in a conference setting.) It will also be a great chance to network with the local infosec community.</p> <p><b><i>For more information on the schedule and how to register, see the <a href="https://www.owasp.org/index.php/OWASP_Portland_2016_Training_Day">main event page</a></i></b>.</p> <p><i>Courses are held in two tracks: two in the morning session, and two in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each!</i></p> <hr> <h1>Morning Session</h1> <br> <h2>Cyber Hygiene - Critical Security Controls</h2> <p>With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.</p> <br> <h2>Introduction to Injection Vulnerabilities</h2> <p>Instructor: Timothy D. Morgan Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.</p> <h1>Afternoon Session</h1> <br> <h2>Applied Physical Attacks on Embedded Systems, Introductory Version</h2> <p>This workshop introduces several different relatively accessible interfaces on embedded systems. Attendees will get hands-on experience with UART, SPI, and JTAG interfaces on a MIPS-based wifi router. After a brief architectural overview of each interface, hands-on labs will guide through the process understanding, observing, interacting with, and exploiting the interface to potentially access a root shell on the target.</p> <br> <h2>Communications Security in Modern Software</h2> <p>Securing communications over untrusted networks is a critical component to any modern application's security. However, far too often developers and operations personnel become tripped up by the many pitfalls of implementation in this area, which often leads to complete failures to secure data on the wire. In this course we discuss how attackers can gain access to other users' communication through a variety of techniques and cover the strategies for preventing this. The course covers specific topics ranging from the SSL/TLS certificate authority system, to secure web session management and mobile communications security. A hands-on exercise is included in the course which helps students empirically test SSL/TLS certificate validation in a realistic scenario.</p> <hr> <h1>About OWASP</h1> <p>The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: <a href="https://lists.owasp.org/mailman/listinfo/owasp-portland">https://lists.owasp.org/mailman/listinfo/owasp-portland</a></p> <br> </div> <h3>Links</h3> <ul> <li><a class="url u-url" href="https://www.owasp.org/index.php/OWASP_Portland_2016_Training_Day">Website</a></li> </ul> </div>

You can edit, clone, or delete this event.

This item was added directly to Calagator
Tuesday, October 11, 2016 at 6:21pm and last updated
Tuesday, October 11, 2016 at 6:22pm.

OWASP Training Day 2016

Wednesday, November 2, 2016 from 8am–7:30pm

Portland State University (PSU) - Smith Memorial Center

1825 SW Broadway

Portland, OR 97201, US (map)

Access Notes

See: http://www.pdx.edu/sites/www.pdx.edu.conferences/files/media_assets/PSU%20C%20and%20E%20Venue%20Policies_08.15.2011.pdf

Website

https://www.owasp.org/index.php/OWASP_Portland_2016_Training_Day

Description

This year the Portland OWASP chapter is hosting a training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. (Similar training may cost more than 10 times as much in a conference setting.) It will also be a great chance to network with the local infosec community.

For more information on the schedule and how to register, see the main event page.

Courses are held in two tracks: two in the morning session, and two in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each!

Morning Session

Cyber Hygiene - Critical Security Controls

With so many types of network attacks and so many tools/solutions to combat these attacks, which should I implement first? Which should I buy? Can I build it myself? The CIS Critical Security Controls are a prioritized approach to ensuring information security. As a general risk assessment, the Critical Security Controls address the past, current and expected attacks occurring across the Internet. In this course we will outline the controls, discuss implementation and testing, and provide examples.

Introduction to Injection Vulnerabilities

Instructor: Timothy D. Morgan Ever concatenated strings in your code? Did those strings include any kind of structured syntax? Then your code might be vulnerable to injection. Injection flaws are broad, common category of vulnerability in modern software. While many developers are aware of high-profile technical issues, such as SQL injection, any number of injection vulnerabilities are possible in other languages, protocols, and syntaxes. Upon studying these flaws in many contexts, an underlying "theory of injection" emerges. This simple concept can be applied to many situations (including new technologies and those yet to be invented) to help developers avoid the most common types of implementation vulnerabilities. The reason why "injection" is #1 on the OWASP Top 10 will become very clear by the end of this class. This course will provide students a detailed introduction to injection vulnerabilities and then get students busy with hands-on exercises where a variety of different injection flaws can be explored and understood in real-world contexts.

Afternoon Session

Applied Physical Attacks on Embedded Systems, Introductory Version

This workshop introduces several different relatively accessible interfaces on embedded systems. Attendees will get hands-on experience with UART, SPI, and JTAG interfaces on a MIPS-based wifi router. After a brief architectural overview of each interface, hands-on labs will guide through the process understanding, observing, interacting with, and exploiting the interface to potentially access a root shell on the target.

Communications Security in Modern Software

Securing communications over untrusted networks is a critical component to any modern application's security. However, far too often developers and operations personnel become tripped up by the many pitfalls of implementation in this area, which often leads to complete failures to secure data on the wire. In this course we discuss how attackers can gain access to other users' communication through a variety of techniques and cover the strategies for preventing this. The course covers specific topics ranging from the SSL/TLS certificate authority system, to secure web session management and mobile communications security. A hands-on exercise is included in the course which helps students empirically test SSL/TLS certificate validation in a realistic scenario.

About OWASP

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland