CPEs: 14
Registration Dates: Early-bird registration ends: Aug. 15, 2019
Workshop Dates: Tuesday, Sept. 17 & Wednesday, Sept. 18, 9:00am-5:00pm both days
Meals: Breakfast, break refreshments and lunch will be provided. Doors open at 8:00am for networking, coffee and danishes.
Agenda:
Session 1 - Introduction and Overview of Security Testing Practices
Session 2 - Scoping and Assumptions - Technical Security Assessment
Session 3 - Running a Penetration Test
Session 4 - Introduction to Threat Modeling - Technical Security Assessment
Session 5 - Analysis and Reporting
Each participant will be given a virtual machine with tools and lessons loaded for participating in hands-on exercises.
Key Takeaways:
Detailed understanding of security testing methodology and process using world-renowned methodologies and guidelines like PTES and OWASP
Deep-dive into scoping, rules of engagement and compliance considerations for security testing
Introduction to penetration testing through hands-on exercises with testing tools, custom exploitation and attacks
Practical steps to perform threat modeling using the Microsoft STRIDE Methodology
Introduction to cloud pentesting - attacking cloud-based environments like AWS Lambda, ELB, EC2 and attacking applications hosted on these environments
Deep-dive into vulnerability management metrics, analysis and reporting
Prerequisites
Working knowledge of information security concepts and practices.
Basic/Introductory knowledge of Application Security Attacks and Defense Concepts
Knowledge of Linux Commands and Tools will help, but is NOT required.
Laptop Requirements
Each participant is expected to bring a laptop both days.
Intel i3 and above preferred, 64-bit Operating System (32-bit will NOT work), 8GB+ RAM preferred. Netbooks will NOT work.
At least 80GB HDD space available
Working Wi-Fi adapter with ability to connect to third-party wireless networks
Must be able to use the USB port
Trainer: Sudarshan Narayanan is the Practice Head of DevSecOps at we45, a focused application security company. Sudarshan currently leads the service delivery practice at we45 and brings a decade of experience in Software Quality Assurance. Sudarshan's primary focus is conceptualizing a feasible, "risk-based" model of continuous security implementation for product teams: identifying bottlenecks and addressing them before integrating security into the development life cycle, while remaining agile. Sudarshan has also worked on various client engagements evaluating web and mobile applications, presenting findings to the product teams and recommending remediations. Drawing on his experience of working with various engineering teams, Sudarshan leads a team that develops a test-driven approach to continuous security automation by enhancing test coverage and optimizing security assessment using open-source tools and frameworks.