There is NO charge to attend the Developer Summit, so come join us!
We do ask that you SIGN UP so we have an estimated headcount to be sure we have enough space and food.
Half Day Morning Session
Date: Tuesday, September 19, 2017
Time: 10am-1pm
Location: Coronado N&P
Presenter: Robert Hurlbut
Using OWASP Threat Dragon for Threat Modeling
OWASP Threat Dragon is a new OWASP project that introduces a threat modeling tool that is portable (usable on the web across various platforms), integrates well with the build process, and is a great tool to introduce to developers and teams. This hands-on developer session will focus on introducing the Threat Dragon tool, the best ways to use it in a day-to-day developer environment, and making it part of the CI implementation (including integration with Jenkins, etc.).
What will be discussed?
What will attendees learn from attending this session?
Items attendees are required to bring with them
Half Day Afternoon Session
Date: Tuesday, September 19, 2017
Time: 2pm-5pm
Location: Coronado N&P
Presenters: Nicole Becher and Tanya Janca
Hacking APIs and Web Services with OWASP DevSlop & PIXI!
Modern applications often use APIs and other microservices to deliver faster and better products and services. However, there are currently few training grounds for security testing in such areas. In comes DevSlop, OWASP's newest project, a collection of DevOps security disasters made as a vulnerable testing and proving ground for developers and security testers alike. DevSlop's Pixi, the first of many entries to come for this OWASP project, will be demonstrated and presented for participants' hacking and learning pleasure. Pixi consists of vulnerable web services, and participants will be walked through how to exploit several of its vulnerabilities so they can learn how to do better when they create their own web services and other types of APIs from now on.
What will be discussed?
What will attendees learn from attending this session?
Items attendees are required to bring with them
Full Day Session
Date: Wednesday, September 20, 2017
Time: 9am-5pm
Room: Coronado N&P
Presenter: Swaroop Yermalkar
Extreme iOS App Exploitation, Defense and ARM Exploitation
Detailed training contents: https://goo.gl/swp7F8
iOS has become one of the most popular mobile operating systems, with more than 1.4 million apps available in the iOS App Store. A security weakness in any of these applications or in the system could mean that an attacker can get access to the device and retrieve sensitive information. This training will show you how to conduct a wide range of penetration tests on iOS applications to uncover vulnerabilities and strengthen the system against attacks. Extreme iOS App Exploitation, Defense and ARM Exploitation is a 14-hour session which will help you conduct end-to-end pentesting of iOS applications and will also help you understand the security measures which need to be taken. This training will also have a CTF challenge where attendees will use the skills learnt in the session. To attend this hands-on session, all you have to do is bring your MacBook with Xcode installed on it.
What will be discussed?
Module 1: Introducing iOS App Security
Module 2: Setting up lab
Module 3: Exploiting iOS Application
Module 4: Exploiting Broken Cryptography
Module 5: Exploiting Key Management
Module 6: Runtime Analysis of iOS Application
Module 7: Reverse Engineering and binary analysis
Module 8: Analyzing iOS Network traffic
Module 9: Exploring iOS Pentest automation frameworks
Module 10: iOS Secure Coding
Module 11: iOS ARM Exploitation
What will attendees learn from attending this presentation?
Items attendees will be required to bring with them