$25

Portland OWASP Training Day 2017

Event Information

Location

PSU - Smith Memorial Student Union Building

1825 Broadway

Portland, OR 97201

Refund Policy

No Refunds

Description

The Portland OWASP chapter is hosting its 2nd annual training day. This will be an excellent opportunity for students to receive quality information security and application security training for next to nothing. It will also be a great chance to network with the local infosec community. For more information, see the main event page.

Courses are held in three tracks: three in the morning session, and three in the afternoon session. Each student can register for one morning course, or one afternoon course, or one of each!

NOTE: If you see that a course is sold out, then it is unlikely we will have any additional seats in that course. You can email bhushan DOT Gupta AT owasp.org to request being added to the waiting list. Please be sure to specify which class(es) you want to be added to the wait list for.


Morning Session: 8:30 AM - Noon

Client-side Security for Modern Web Applications (SOP, XSS, CSRF, CSP, etc)

Instructor: Timothy Morgan

Abstract: This course introduces the student to key concepts of browser security, such as the same-origin policy, and continues with a series of web-specific vulnerability classes, including: cross-site scripting, cross-site request forgery, clickjacking, and JSON hijacking. The course finishes up by covering new security mechanisms and standards, including cross-origin resource sharing (CORS) and content security policy (CSP).

Cyber Security Framework

Instructor: James Trumper

Abstract: Are you looking for a place to start addressing your information security posture, understanding current maturity, and planning future enhancements and budget? Have you been tasked with complying with or using an information security framework? The CyberSecurity Framework (CSF) is a comprehensive information security framework developed by NIST (the National Institute of Standards and Technology). Although the framework is required for many federal agencies and used by State and local agencies, it is also recommended for use by non-governmental organizations including small to medium businesses. In this course, we will review the framework's structure and components, going into details around specific requirements as well as references to NIST 800-53. Once we have a good foundation around the CSF categories and sub-categories, we will transition into how we can manage our efforts to this framework. The course provides a creative-commons management tool to track current controls, maturity, existing budget, plan for future control enhancement projects, and future budget requests. The tool is both an internal tracking tool as well as a presentation layer to various teams and management based on their need-to-know.

Securing Your AWS Environment

Instructor: Derek Hill

Abstract: Are you looking to move your infrastructure into the cloud, but are worried about how to secure it? Are you ready to let go of all of your physical infrastructure? You are not alone in this journey. The cloud does not have to be this scary unknown black hole. Sure, things are certainly different and not everything that you used to do in your own infrastructure is easily repeatable in the cloud; however, there are many benefits. Things are different, but many things are the same. We will discuss how to secure your cloud environment using both AWS tools and third party tools, including some custom applications that allow you to see what you have and how you need to secure it. We are successfully managing over 120 AWS accounts with approximately 3000 instances and many other AWS services. This class does not have any labs (due to the short duration). We will have some demos on how we accomplish certain tasks. We hope that you can take away some ideas on how to solve some of your current security problems and gain the confidence that security in the cloud can be achieved.


Afternoon Session: 1:30 PM - 5:00 PM

Burp and ZAP: Introduction into web intercept/scanning tools

Instructor: Alexei Kojenov

Abstract: The participants will learn how browsers communicate with web application back ends and how special tools such as Burp Suite and OWASP ZAP can be used to intercept, analyze and modify these communications to assess the application's security posture and, ultimately, to find and exploit vulnerabilities. We will discuss and try both passive and active attacks while diving deeper into each tool's functionality. We will talk about how to efficiently use the available features, as well as the ways to automate manual tasks. The participants will be able to immediately practice the learned skills during the class, and then apply them in their work environments. Prerequisites: A laptop (any OS) with Firefox or Chrome and Oracle VirtualBox (participants will be given a virtual machine with an intentionally vulnerable web application for practice).

Applied Physical Attacks on Embedded Systems, Introductory Version

Instructor: Joe Fitzpatrick

Abstract: This workshop introduces several different relatively accessible interfaces on embedded systems. Attendees will get hands-on experience with UART, SPI, and JTAG interfaces on a MIPS-based wifi router. After a brief architectural overview of each interface, hands-on labs will guide attendees through the process of understanding, observing, interacting with, and exploiting the interface to potentially access a root shell on the target.

Cyber First-Aid: Introduction to Incident Response

Instructor: Kris Rosenberg

Abstract: In today’s world it is not a question of “if” you will get hacked, but “when”. More importantly, what are you going to do about it? When an incident occurs you need to be prepared to respond quickly to minimize losses and collect any potential evidence that could be used for a more detailed analysis of the incident. Much like a typical first aid course that prepares first responders to give immediate care needed to sustain life, this session is designed to give those who are typically the first on-scene to a cybersecurity event the skills they need to effectively identify and contain the incident, and preserve potentially valuable evidence for further forensic analysis.
