Schedule & Trainings
Monday, April 27
- Free Lightning Conference
- 12:00pm to 1:30pm EDT/1800pm to 2000pm CET
- Register for login instructions
- Will be livestreamed to our YouTube channel
Tuesday, April 28 and Wednesday, April 29
- Virtual Training Courses
- 12:00pm to 4:00pm EDT/1800pm to 2000pm CET
Thursday, April 30 to Saturday, May 1
- Virtual Capture the Flag
- 12:00pm (Apr 30) to 12:00pm (May 1) EDT/1800pm to 1800pm CET
Training subject to change based on trainer availability.
Applied Data Science and Machine Learning For Cyber Security
- This interactive course will teach security professionals how to use data science techniques to quickly manipulate and analyze security data. The course will cover the entire data science process, from data preparation, exploratory data analysis, data visualization, and machine learning to model evaluation, all with a focus on security-related problems.
Attacking and Defending Containers, Kubernetes and Serverless
- Attacking and securing infrastructure or applications that leverage containers, Kubernetes and serverless technology requires a specific skill set and a deep understanding of the underlying architecture. The training will be filled with demos designed from real-world attacks to help understand all there is to attack and secure such applications.
Nithin is a passionate Open Source enthusiast and is the co-lead-developer of ThreatPlaybook - An Open Source framework that facilitates Threat Modeling as Code married with Application Security Automation on a single Fabric. He has also written multiple libraries that complement ThreatPlaybook.
Nithin is an automation junkie who has built Scalable Scanner Integrations that leverage containers to the hilt and is passionate about Security, Containers and Serverless technology. He speaks at meetup groups, webinars and training sessions. He participates in multiple CTF events and has worked on creating Intentionally Vulnerable Applications for CTF competitions and Secure Code Training.
Nithin was a trainer and speaker at events like AppSecDC-2019, AppSecUS-2018, SHACK-2019, AppSecCali-2019, DefCon-2019, BlackHat USA 2019, AppSecCali-2020 and many more. In his spare time, he loves reading about personal finance, leadership, fitness, cryptocurrency, and other such topics. Nithin is an avid traveler and loves sharing stories over a cup of hot coffee.
Building Secure APIs and Web Applications
- The major cause of API and web application insecurity is a lack of secure software development knowledge and practices. This highly intensive and interactive 1-day workshop provides essential application security training for web application and API developers. This workshop is a combination of lecture, security testing, and code review.
DevOps for CISO
- Interactive training with group exercises for better understanding of the following topics.
- Agile and DevOps basics
- The role of automation in development, deployment, and operations
- Agile threat modeling
- Patch management in DevOps environments
- Incident handling feedback loops
- Cloud challenges and advantages
- Combining SRE and DevSecOps
He has several publications to his name and is ISEB/ISTQB, CIEH and GWAPT certified. Dave teaches you how to hack web apps, automate security, work in a DevOps way and much more during his courses!
DevSecOps - Automate Security in DevOps
- Code gets shipped into a DevOps environment at a blazing speed, making it extremely difficult to address security at each new release. In this training we shall discuss how to address security issues by automating security in a DevOps environment utilising various tools and techniques. Attendees will also get a DevSecOps-Lab used during the course.
He is humbled to be part of the list of “50 Influential DevSecOps Professional - Peerlyst 2019”.
He also loves to reverse engineer binaries and mobile applications and find and exploit vulnerabilities in them. He spends his free time learning new technologies, programming languages or maybe even tinkering with open source tools.
Hacking Android and IoT apps by Example
- Learn about Android & IoT app security by improving your mobile security testing kung-fu. Ideal for Penetration Testers, Mobile Developers and everybody interested in mobile app security.
All action, no fluff, skills gained are 100% hands-on, includes lifetime access to training portal with detailed video recordings + all future updates for free.
Hands-on threat modeling and tooling for DevSecOps
- Action-packed Threat Modeling course for DevOps to improve reliability & security of software. We teach a risk-based, iterative and incremental threat modeling method. At least 50% hands-on workshops covering the different stages of threat modeling on an incremental business driven CI/CD scenario for AWS. 94% satisfaction score O’Reilly Velocity.
Seth & Ken's Excellent Adventures (in Secure Code Review)
- Have you been tasked with reviewing too much code in too little time? What about new frameworks or languages you are unfamiliar with? This course addresses these common challenges in modern secure code review. Sharpen your code review techniques by gleaning from our adventures in code review and the lessons we’ve learned along the way.
Threat Modeling: Getting from None to Done
- This session offers an introduction to Threat Modeling (TM), based on the instructor's learning and experience developing a TM practice at his employer. We start with necessary background information, walk through techniques for building models for new and legacy systems, and wrap up with an approach for introducing TM into your SDLC.
Before specialising in application security, John was active as a Java enterprise architect and Web application developer (mostly Java EE and LAMP). In an earlier life, he had specialised in developing discrete-event simulations of large distributed systems, in a variety of languages, including the Java-based language (FreeSML) he developed as part of his doctoral research.
John is also a member of the core team for the OWASP Software Assurance Maturity Model (SAMM) Project, and a co-leader of the OWASP Application Security Curriculum Project.
Web Application Security Essentials
- During this interactive training, the participants will be able to identify the top 5 critical vulnerabilities in web applications, understand how exploitation works and learn how to implement the necessary corrective measures. The students will utilize OWASP WebGoat 8.0 and OWASP ZAP to solve the exercises presented during the virtual class.
Fabio Cerullo is an official certified instructor for (ISC)², the global leader in information security education and certification. Fabio has over 15 years of experience in the information security field gained across a diverse range of industries ranging from financial and government institutions to software houses and start-ups. He regularly trains professionals from different backgrounds in application security, cloud security, and information security. He is a regular speaker at events organized by OWASP, ISACA and (ISC)² among others, and provides commentary and written articles for specialized industry media (Computer Weekly, Infosecurity Magazine, SiliconRepublic.com, etc.). He holds an MSc in Computer Engineering from UCA and the SSCP, CISSP, CSSLP & CCSP certifications from (ISC)².
Your Application Security Program
- Bring your Application Security Program from zero to hero with this 1/2 day planning course. We will learn planning, scaling, and measuring your AppSec Program. We will cover tooling, where to start, how to measure, creating a security champions program, developer education, and more. The course will include written exercises and discussion.