OWASP 2023 Virtual June Training

The OWASP Foundation brings the AppSec community a fantastic set of live, virtual training offerings.

We are hosting 2-day training courses on Tuesday, June 6, 2023 and ending Wednesday, June 7, 2023.

Some courses are four (4) hours per day and others are eight (8) hours per day. Please be sure to read the ticket description and items below carefully before purchasing your ticket. Trainings beginning at 9 am/EDT (Eastern Daylight SavingsTime) and will either wrap up at 1:00pm EDT or 5 pm/EDT.

For a complete list and description of each training, please click the green "Tickets" button above and below. If you would like to see a more detailed outline of trainings or a bio of the trainer, please email events@owasp.com

Course: Application Security Awareness and Security Requirements with the OWASP ASVS (Two 4- hour days)

Trainer: Josh Grossman, Bounce Security

Dates/Times / Audience Level: June 6-7, 2023 9:00am - 1:00pm EDT / All

This training course is designed to provide you with an overview into how to design secure software including the mindset and approach for balancing the needs of security with practicality.

You will go beyond the standard OWASP Top 10 to discuss a wider range of issues, using the comprehensive OWASP Application Security Verification Standard (ASVS) as a baseline to understand the requirements for secure software over the key areas defined in the ASVS. For each area, there is a table-top style exercise where you attempt to secure a sample application from a set of related attacks.

You will also learn how the ASVS can be customized and best suited to your use-case and not only the theoretical solutions but also practical options which are common in the industry for providing software security mechanisms.

This course is aimed at people in Product Management, Application Architect, or general Software Engineering roles. Attendees should be familiar with general software development practices and software architecture.

Course: Candies for developers: Tips for effective secure software development based on OWASP Top10 (Two 4-hour days)

Trainer: Vasilis Skourtis, HEDNO

Dates/Times / Audience Level: June 6-7, 2023 9:00am - 1:00pm EDT / All

Affected by Paretto's law, this workshop intends to train developers’ eyes to catch early the 20% of the cases that produce 80% of the vulnerabilities.

A web application written in Java will be given to the participants, who will need to implement some empty code parts.

Then, the application will be analyzed based on the OWASP Top10 vulnerabilities, the corresponding attacks will be performed and effective ways to avoid them will be presented.

Course: Hands-on AWS Serverless Security Workshop (Two 4-hour days)

Trainer: Miguel Callesauthor of the Serverless Security book

Dates/Times / Audience Level: June 6-7, 2023 9:00am - 1:00pm EDT / Beginner

This training will provide hands-on serverless security experience. The attendees will create a serverless website, API and backend. Practical security measures will be implemented, e.g., authentication, authorization, principle of least privilege.

Course: Angular Web Application Security Training (Two 4-hour days)

Trainer: Sara Mourad, Worldline

Dates/Times / Audience Level: June 6-7, 2023 9:00am - 1:00pm EDT / Beginner

Learn how to prevent common threats from OWASP TOP 10 in your Angular Web application.

For each threat you will get an overview, how it can be detected and which protection to implement.

The training has dynamic activities and practical works which will help you understand the security practices very quickly.

Course: Hacking Modern Web apps: Master the Future of Attack Vectors(Two 8-hour days)

Trainer: Anirudh Anand, 7ASecurity

Dates/Times / Audience Level: June 6-7, 2023 9:00am - 5:00pm EDT / All

This course is a 100% hands-on deep dive into the OWASP Security Testing Guide and relevant items of the OWASP Application Security Verification Standard (ASVS), so this course covers and goes beyond the OWASP Top Ten.

Long are the days since web servers were run by perl scripts apps written in Delphi. What is common between Walmart, eBay, PayPal, Microsoft, LinkedIn, Google and Netflix? They all use Node.js: JavaScript on the server.

Modern Web apps share traditional attack vectors and also introduce new opportunities to threat actors. This course will teach you how to review modern web apps, showcasing Node.js but using techniques that will also work against any other web app platform. Ideal for Penetration Testers, Web app Developers as well as everybody interested in JavaScript/Node.js and Modern app stack security.

Get a FREE taste for this training, including access to video recording, slides and vulnerable apps to play with:

1 hour workshop - https://7asecurity.com/free-workshop-web-apps

All action, no fluff, improve your security analysis workflow and immediately apply these gained skills in your workplace, packed with exercises, extra mile challenges and CTF, self-paced and suitable for all skill levels, with continued education via unlimited email support, lifetime access, step-by-step video recordings and interesting apps to practice, including all future updates for free.