Back to All Events

San Diego: Penetration Testing - Two-Day Workshop


  • Amazon 10300 Campus Point Drive Ste. 200 San Diego, CA, 92121 (map)

CPEs: 14 

Registration Dates: Early-bird registration ends: Aug. 15, 2019

Workshop Dates: Tuesday, Aug. 17 & Wednesday, Aug. 18, 9:00am-5:00pm both days

Meals: Breakfast, break refreshments and lunch will be provided. Doors open at 8:00am for networking, coffee and danishes.

Agenda:

  • Session 1 - Introduction and Overview of Security Testing Practices

  • Session 2 - Scoping and Assumptions - Technical Security Assessment

  • Session 3 - Running a Penetration Test

  • Session 4 - Introduction to Threat Modeling - Technical Security Assessment

  • Session 5 - Analysis and Reporting

Each participant will be given a virtual machine with tools and lessons loaded for participating in hands-on exercises.

Key Takeaways:

  • Detailed understanding of security testing methodology and process using world-renowned methodologies and guidelines like PTES and OWASP

  • Deep-dive into scoping, rules of engagement and compliance considerations for security testing

  • Introduction to penetration testing through hands-on exercises with testing tools, custom exploitation and attacks

  • Practical steps to perform threat modeling using the Microsoft STRIDE Methodology

  • Introduction to cloud pentesting - attacking cloud-based environments like AWS Lambda, ELB, EC2 and attacking applications hosted on these environments

  • Deep-dive into vulnerability management metrics, analysis and reporting

Prerequisites

  • Working knowledge of information security concepts and practices.

  • Basic/Introductory knowledge of Application Security Attacks and Defense Concepts

  • Knowledge of Linux Commands and Tools will help, but NOT required.

Laptop Requirements 

Each participant is expected to bring a laptop both days.

  • Intel i3 and above preferred, 64 bit Operating System (32 bit will NOT work), 8GB+ RAM preferred. Netbooks will NOT work

  • At least 80GB HDD space available

  • Working Wi-Fi adapter with ability to connect to third-party wireless networks

  • Must be able to use the USB port

Trainer: Sudarshan Narayanan is the Practice Head of DevSecOps at we45, a focused application security company. Sudarshan currently leads the service delivery practice at we45 and comes with a decade long experience in Software Quality Assurance. Sudarshan's primary focus involves conceptualizing a feasible and "risk-based" model of continuous security implementation for product teams by identifying bottlenecks and addressing them before integrating security into development life-cycle while remaining agile. Sudarshan has also worked on various client engagements evaluating web and mobile applications and presenting findings to the product teams and recommending remediations. Drawing from his experiences of having worked with various engineering teams, Sudarshan leads a team that works on developing a test-driven approach to continuous security automation by enhancing test coverage and optimizing security assessment using open-source tools and frameworks.