TECHNOLOGY TRANSFER PRESENTS KEN VAN WYK JUNE 8-9, 2015 JUNE 10-11, 2015 VISCONTI PALACE HOTEL - VIA FEDERICO CESI, 37 ROME (ITALY)
TECHNOLOGY TRANSFER PRESENTS
KEN VAN WYK

BREAKING AND FIXING WEB APPLICATIONS SECURITY
JUNE 8-9, 2015

PENETRATION TESTING IOS APPS
JUNE 10-11, 2015

info@technologytransfer.it
BREAKING AND FIXING WEB APPLICATIONS SECURITY

ABOUT THIS SEMINAR
This rapid immersion class is for experienced web application software developers who want to take a quick but deep dive into the biggest web application security issues. The class is built extensively around a series of hands-on lab exercises in which the students first learn first-hand the details of today's biggest web application security defects and how to exploit them. This is immediately followed by a set of labs in which the students learn to remediate those same defects by implementing appropriate fixes in a Java EE-based web application. This rapid-fire approach to breaking and then fixing the security of an actual web application enables students to deeply understand and internalize the biggest security problems faced by today's web application developers.

WHAT YOU WILL LEARN
- How to find and exploit common security defects in modern Web applications
- A detailed working knowledge of the OWASP Top 10 (and other) Web application security defects
- How to remediate a Web application to secure it against the most common security defects in Web applications
- A detailed working knowledge of how to design and implement security remediations in Web applications

AUDIENCE
- Web application developers
- Designers
- Architects
The coding labs are in Java, but the concepts are easily adaptable to other languages.

REQUIREMENTS
In order to participate in the hands-on exercises, each student will need a laptop computer capable of running a VirtualBox-based Linux virtual machine (provided). We recommend that all laptops have local application installation privileges, 8 GB of RAM, and a further 20 GB of free disk space. If local application installation is not feasible, a current version of VirtualBox must be installed prior to the class.
OUTLINE

DAY 1
1. Class introduction and setup
   - Brief introduction to the class, exercises, and expected outcomes
   - Students install and configure the software tools to be used in the upcoming exercises
   - The instructor demonstrates the tools and runs through a sample exercise to ensure all students can use the tools correctly
2. Breaking Web application security
   Walk through numerous Web app security defects, including the OWASP Top 10 (2013):
   - Injection flaws (including SQLi)
   - Cross-site scripting (XSS)
3. Continued
   Additional hands-on walk-throughs of numerous Web app security defects, including the OWASP Top 10 (2013):
   - Broken authentication and session management
   - Cross-site request forgery (CSRF)
4. Continued
   Additional hands-on walk-throughs of numerous Web app security defects, including the OWASP Top 10 (2013):
   - Broken access control
   - Server misconfiguration
5. Continued
   Additional hands-on walk-throughs of numerous Web app security defects, including the OWASP Top 10 (2013):
   - Reliance on weak components
   - Client-side code reliance
   - Code quality resulting in security exposures
6. Questions and answers
7. Close

DAY 2
1. Coding labs: fixing Web application security
   - First, an architectural and source code overview of the app used in the labs
   - How to build and deploy the lab environment
   - XSS
   - Walk-through and discussion of all source code used in remediating the vulnerabilities
2. Continued: SQL injection
3. Continued: Access control
4. Continued: Others
5. Contest: the challenge!
   - Students are put to the test to see who can finish the contest first
   - The lessons taught in this class are used to solve a puzzle that is highly representative of attacking/testing a modern web application
6. Questions and answers
7. Closing remarks
PENETRATION TESTING IOS APPS

ABOUT THIS SEMINAR
This class takes a deep dive into techniques for testing the security of iOS apps. Students will learn how to statically and dynamically analyze iOS apps for implementation as well as architectural security defects. After a brief description of the iOS hardware and software security architecture, the class steps through a myriad of security pitfalls made by many developers. Each weakness is described in detail and explored in hands-on labs to enable students to fully understand and internalize the details. The pitfalls covered start with simple problems and escalate steadily to more advanced ones, culminating in the use of Man in the App (MitA) attacks against running apps. Using MitA techniques, the app's architecture is actively probed and explored via weaknesses in the underlying Objective-C run-time environment to look for exploitable weaknesses in client-side security controls. This range of static and dynamic app analysis allows the tester to perform a broad range of security tests on any iOS app target.

WHO SHOULD ATTEND
- iOS security testers
- Application developers
- Designers
- Architects

REQUIREMENTS
In order to participate in the hands-on exercises, each student will need a laptop computer with a complete iOS development environment (Xcode) installed (available for free from Apple Computer, Inc.). To perform all exercises, including the MitA attacks, a jailbroken iOS device is needed. We recommend using a dedicated test device for the testing.
OUTLINE

DAY 1
1. Introduction and tool setup
   - A brief introduction to the problems with developing and testing the security of iOS apps
   - Class goals and the tools to be used in the labs
   - Class tools installed and demonstrated
2. Platform security architecture
   Overview of iOS platform security features:
   - Sandboxing
   - Hardware encryption
   - Pasteboard
   Hands-on lab exercises to explore features in the iPhone simulator and on a hardware device
3. Continued
   Details and hands-on lab exploration of common iOS platform security weaknesses:
   - Screen shots
   - Cut-n-paste buffer
   - Autocorrect cache
4. Application architecture
   Detailed description of iOS app security features:
   - App sandbox file space
   - Data protection
   Hands-on lab exercises
5. Continued
   Additional iOS security features, capabilities and weaknesses:
   - Keychains
   - App screen shots
   - App caches
6. Questions and answers
7. Close of day one

DAY 2
1. Jailbreaking
   - A detailed description of how jailbreaking works
   - Files and folders exposed by jailbreak
   - Hands-on labs to explore data on a jailbroken device (to be provided by students)
   - Exploration of Apple app files outside of normal sandbox environments
2. Continued
   - Hands-on labs to perform static analysis of any iOS app
   - How to determine potential architectural defects
   - Statically map an iOS application to determine its components, linked libraries, etc.
3. Dynamic analysis of app run-time
   - A detailed look at Objective-C's soft underbelly, its run-time environment
   - Dynamic probing of a running app to learn its architecture
   - Objects and methods in process memory
   - Testing the security of an app's run-time environment from inside the app
   - Hands-on labs to explore an iOS app using Man in the App techniques
4. Bringing it all together
   How to turn the techniques described in this class into a rigorous security testing process
5. Questions and answers
6. Closing remarks
INFORMATION

PARTICIPATION FEE
Breaking and Fixing Web Applications Security: 1200
Penetration Testing iOS Apps: 1200
Special price for delegates who attend both seminars: 2300
The fee includes all seminar documentation, luncheon and coffee breaks.

VENUE
Visconti Palace Hotel, Via Federico Cesi, 37, Rome (Italy)

SEMINAR TIMETABLE
9.30 am - pm; 2.00 pm - pm

HOW TO REGISTER
You must send the registration form with the receipt of the payment to:
Technology Transfer S.r.l., Piazza Cavour, Rome (Italy)
Fax
within May 25, 2015

PAYMENT
Wire transfer to: Technology Transfer S.r.l.
Banca: Cariparma Agenzia 1 di Roma
IBAN Code: IT 03 W
BIC/SWIFT: CRPPIT2P546

GENERAL CONDITIONS

DISCOUNT
Participants who register 30 days before the seminar are entitled to a 5% discount. If a company registers 5 participants for the same seminar, it pays only for 4. Those who benefit from this discount are not entitled to other discounts for the same seminar.

CANCELLATION POLICY
A full refund is given for any cancellation received more than 15 days before the seminar starts. Cancellations less than 15 days prior to the event are liable for 50% of the fee. Cancellations less than one week prior to the event date are liable for the full fee.

CANCELLATION LIABILITY
In the case of cancellation of an event for any reason, Technology Transfer's liability is limited to the return of the registration fee only.

REGISTRATION FORM
KEN VAN WYK
- Breaking and Fixing Web Applications Security. Rome, June 8-9, 2015, Visconti Palace Hotel - Via Federico Cesi, 37. Registration fee: 1200
- Penetration Testing iOS Apps. Rome, June 10-11, 2015, Visconti Palace Hotel - Via Federico Cesi, 37. Registration fee: 1200
- Both seminars. Special price for delegates who attend both seminars: 2300
First name... Surname... Job title... Organisation... Address... Postcode... City... Country... Telephone... Fax... Stamp and signature
If anyone registered is unable to attend, or in case of cancellation of the seminar, the general conditions mentioned above apply.
Send your registration form with the receipt of the payment to: Technology Transfer S.r.l., Piazza Cavour, Rome (Italy). Tel Fax info@technologytransfer.it
SPEAKER
Ken van Wyk is an internationally recognized information security expert and author of the O'Reilly and Associates books Incident Response and Secure Coding. In addition to providing consulting and training services through his company, KRvW Associates, LLC, he currently holds the following positions: member of the Board of Directors and Steering Committee of the non-profit organization FIRST.org, Inc., member of the Board of Directors of SecAppDev, and monthly columnist for Computerworld. Ken is also the project leader of the Open Web Application Security Project (OWASP) iGoat project. Mr. van Wyk has 22 years of experience as an IT security practitioner in the academic, military, and commercial sectors. He has held senior and executive technologist positions at Tekmark, Para-Protect, Science Applications International Corporation (SAIC), the U.S. Department of Defense, Carnegie Mellon University, and Lehigh University. At Carnegie Mellon University's Software Engineering Institute, Mr. van Wyk was one of the founders of the Computer Emergency Response Team (CERT). He holds an engineering degree from Lehigh University, is a frequent speaker at technical conferences, and has presented tutorials and technical sessions at CSI, ISF, USENIX, FIRST, AusCERT, and others.
More informationColumbia University Web Security Standards and Practices. Objective and Scope
Columbia University Web Security Standards and Practices Objective and Scope Effective Date: January 2011 This Web Security Standards and Practices document establishes a baseline of security related requirements
More informationMobile Applications: The True Potential Risks Where to look for information when performing a Pentest on a Mobile Application
Mobile Applications: The True Potential Risks Where to look for information when performing a Pentest on a Mobile Application Since the introduction of the iphone, Apple has sold more than 315 million
More informationMobile Apps - Hands On
Mobile Apps - Hands On SecAppDev 2014 Ken van Wyk, @KRvW! Leuven, Belgium 10-14 February 2014 Clear up some misconceptions Apple s ios has been a huge success for Apple Together with Android, they have
More informationAdobe ColdFusion. Secure Profile Web Application Penetration Test. July 31, 2014. Neohapsis 217 North Jefferson Street, Suite 200 Chicago, IL 60661
Adobe ColdFusion Secure Profile Web Application Penetration Test July 31, 2014 Neohapsis 217 North Jefferson Street, Suite 200 Chicago, IL 60661 Chicago Dallas This document contains and constitutes the
More informationFINAL DoIT 11.03.2015 - v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES
Purpose: The Department of Information Technology (DoIT) is committed to developing secure applications. DoIT s System Development Methodology (SDM) and Application Development requirements ensure that
More informationApplication Security Testing
Tstsec - Version: 1 09 July 2016 Application Security Testing Application Security Testing Tstsec - Version: 1 4 days Course Description: We are living in a world of data and communication, in which the
More informationWeb Maniac Hacking Trust. Aditya K Sood [adi_ks [at] secniche.org] SecNiche Security
Web Maniac Hacking Trust Aditya K Sood [adi_ks [at] secniche.org] SecNiche Security Disclaimer Web Maniac - Hacking Trust Pentesting web applications in a hacker s way. Attack surface varies from application
More informationPromoting Application Security within Federal Government. AppSec DC November 13, 2009. The OWASP Foundation http://www.owasp.org
Promoting Application Security within Federal Government AppSec DC November 13, 2009 Dr. Sarbari Gupta, CISSP, CISA Founder/President Electrosoft sarbari@electrosoft-inc.com 703-437-9451 ext 12 The Foundation
More informationSOFTARE SECURTY OF WEB APPLICATION AND WEB ATTACKS
SOFTARE SECURTY OF WEB APPLICATION AND WEB ATTACKS Hanım Eken Gazi University hanim.eken@os.gazi.edu.tr Abstract Today, thousands of applications world-wide web, and mobile media applications are used
More informationDetecting Web Application Vulnerabilities Using Open Source Means. OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008
Detecting Web Application Vulnerabilities Using Open Source Means OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008 Kostas Papapanagiotou Committee Member OWASP Greek Chapter conpap@owasp.gr
More information(WAPT) Web Application Penetration Testing
(WAPT) Web Application Penetration Testing Module 0: Introduction 1. Introduction to the course. 2. How to get most out of the course 3. Resources you will need for the course 4. What is WAPT? Module 1:
More informationPenetration Testing Tools
Penetration Testing Tools Ken van Wyk January 2007 ABSTRACT: This article provides a primer on the most commonly used tools for traditional penetration testing. (A related article provides an overview
More informationHow To Understand And Understand The Security Of A Web Browser (For Web Users)
Security vulnerabilities: should they be early detected? - lsampaio@inf.puc-rio.br Alessandro Garcia afgarcia@inf.puc-rio.br OPUS Research Group Agenda 1. Background; 2.Motivation; 3.Research Questions;
More informationApplication Security Testing How to find software vulnerabilities before you ship or procure code
Application Security Testing How to find software vulnerabilities before you ship or procure code Anita D Amico, Ph.D. Hassan Radwan 1 Overview Why Care About Application Security? Quality vs Security
More informationWHITEPAPER. Nessus Exploit Integration
Nessus Exploit Integration v2 Tenable Network Security has committed to providing context around vulnerabilities, and correlating them to other sources, such as available exploits. We currently pull information
More informationIntegrating Security into the Application Development Process. Jerod Brennen, CISSP CTO & Principal Security Consultant, Jacadis
Integrating Security into the Application Development Process Jerod Brennen, CISSP CTO & Principal Security Consultant, Jacadis Agenda Seek First to Understand Source Code Security AppSec and SQA Analyzing
More informationRational AppScan & Ounce Products
IBM Software Group Rational AppScan & Ounce Products Presenters Tony Sisson and Frank Sassano 2007 IBM Corporation IBM Software Group The Alarming Truth CheckFree warns 5 million customers after hack http://infosecurity.us/?p=5168
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationSecuring Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group
Securing Your Web Application against security vulnerabilities Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group Agenda Security Landscape Vulnerability Analysis Automated Vulnerability
More informationEnterprise Web & Cloud Computing
T E C H N O L O G Y T R A N S F E R P R E S E N T S Rome, December 1-3, 2010 Residenza di Ripetta Via di Ripetta, 231 CONFERENCE E U R O P E 2 0 1 0 Enterprise Web & Cloud Computing A B O U T T H E C O
More informationNetwork Test Labs (NTL) Software Testing Services for igaming
Network Test Labs (NTL) Software Testing Services for igaming Led by committed, young and dynamic professionals with extensive expertise and experience of independent testing services, Network Test Labs
More informationIntegrating Security Testing into Quality Control
Integrating Security Testing into Quality Control Executive Summary At a time when 82% of all application vulnerabilities are found in web applications 1, CIOs are looking for traditional and non-traditional
More informationTECHNICAL AUDITS FOR CERTIFYING EUROPEAN CITIZEN COLLECTION SYSTEMS
TECHNICAL AUDITS FOR CERTIFYING EUROPEAN CITIZEN COLLECTION SYSTEMS Technical audits in accordance with Regulation 211/2011 of the European Union and according to Executional Regulation 1179/2011 of the
More informationEthical Hacking as a Professional Penetration Testing Technique
Ethical Hacking as a Professional Penetration Testing Technique Rochester ISSA Chapter Rochester OWASP Chapter - Durkee Consulting, Inc. info@rd1.net 2 Background Founder of Durkee Consulting since 1996
More informationState of Web Application Security
State of Web Application Security Executive Summary Sponsored by Cenzic & Barracuda Networks Independently conducted by Ponemon Institute LLC Publication Date: February 2011 Ponemon Institute Research
More information