$399 – $1,500

Loco Moco Security Conference

Event Information

Location

Kalapaki Beach Hotel | Kaua'i Marriott Resort

3610 Rice St

Lihue, HI 96766

Refund Policy

No Refunds

Description


Loco Moco Product Security Conference

Join us on the shores of Lihue on Kaua'i, Hawaii for a gathering of security professionals. The Loco Moco Security Conference is a product security conference where a security engineer can learn from others' experiences. You can expect highly educational content based on security best practices that will help manage, scale, and improve all security programs. You can also expect sun, waves, and the spirit of aloha.

Two Days, Single Track Presentations

We are big fans of the single track format. We are trying to tell a story of how to build a successful program, and the single track format ensures that everyone has the same experience.

Training Available Prior to Event

We're going to have some great training options available for those with less experience as well as classes to entice even the biggest know-it-alls. Conference passes are included when training is purchased.


Building Secure APIs and Web Applications: Secure Coding with Aloha

Jim Manico

Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also the founder of Brakeman Security, Inc. and is an investor/advisor for Signal Sciences and BitDiscovery. Jim is also a frequent speaker on secure software practices, is a member of the JavaOne rockstar speaker and Java Champion community and is the author of "Iron-Clad Java: Building Secure Web Applications" from McGraw-Hill and Oracle Press. Jim also volunteers for the OWASP Foundation where he helps build application security standards and other documentation.

Student Requirements: Familiarity with the technical details of building web applications and web services from a software engineering point of view.

Laptop Requirements: Any laptop that can run an updated web browser and "Burp Community Edition".

Description:

The major cause of webservice and web application insecurity is insecure software development practices. This highly intensive and interactive 2-day course provides essential application security training for web application and webservice developers and architects.

The class is a combination of lecture, security testing demonstration and code review. Students will learn the most common threats against applications. More importantly, students will learn how to code secure web solutions via defense-based code samples.

As part of this course, we will explore the use of third-party security libraries and frameworks to speed and standardize secure development. We will highlight production quality and scalable controls from various languages and frameworks. This course will include secure coding information for Java, PHP, Python, JavaScript and .NET programmers, but any software developer building web applications and webservices will benefit.

Day 1 of the course will focus on web application basics.

  • Introduction to Application Security
  • Introduction to Security Goals and Threats
  • HTTP Security Basics
  • CORS and HTML5 Considerations
  • XSS Defense
  • Content Security Policy
  • Intro to Angular.JS Security
  • Intro to React.JS Security
  • SQL and other Injection
  • Cross Site Request Forgery
  • File Upload and File IO Security
  • Deserialization Security
  • Input Validation Basics
  • OWASP Top Ten 2017
  • OWASP ASVS

Day 2 of the course will focus on API secure coding, Identity and other advanced topics.

  • Webservice, Microservice and REST Security
  • Authentication and Session Management
  • Access Control Design
  • OAuth Security
  • OpenID Connect Security
  • HTTPS/TLS Best Practices
  • 3rd Party Library Security Management
  • Application Layer Intrusion Detection

We end day 2 with a competitive hacking lab. It's a very fun and informative way to end the course.


Defending Modern DevOps Environments: A Hands-on Approach: Kubernetes and Docker Demystified

Jimmy Mesta

Jimmy Mesta is an application security leader who has been involved in Information Security for nearly 10 years. He is the chapter leader of OWASP Santa Barbara and co-organizer of the AppSec California security conference. Jimmy has spent time on both the offense and defense side of the industry and is constantly working towards building modern, developer-friendly security solutions. Jimmy's core focus has been in application and cloud security with an emphasis on secure architecture, automated testing, developer training and defensive techniques.

Student Requirements: Familiarity with at least one public cloud provider is recommended. Students should also have basic Docker knowledge and experience launching and managing basic cloud instances. Basic command line and scripting skills are highly recommended.

Laptop Requirements: Any laptop with at least 2GB of free RAM available that can run Docker, Minikube, and VirtualBox.

Description:

The Cloud as we know it is changing. Containers have taken the center stage as the preferred method of developing and deploying software into production. As security practitioners, we must adapt to the latest technologies or be left in the dust.

This technical 2-day course will focus on the ins and outs of building a modern cloud infrastructure capable of taking containers from a developer’s laptop to production, in a secure manner.

The hands-on portion of the course will rely heavily on Kubernetes for the deployment and orchestration of Docker containers. Each student will build a sandbox Kubernetes cluster from scratch using Google Container Engine (GKE) or locally using Minikube.

At the completion of this course, students will have an operational, version-controlled deployment pipeline capable of shipping a container to a Kubernetes cluster while performing a number of automated security checks along the way.

Some of the principles and techniques covered in this course include:

  • DevSecOps Principles
  • Kubernetes and Docker Security Controls
  • Third-Party Security Considerations
  • Identity and Access Management
  • Secure Deployment Pipelines
  • Security Automation
  • Infrastructure as Code
  • Scaling Security Operations
  • Data Security and Encryption
  • Logging, Monitoring, and Alerting