Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Tuesday, November 19 • 9:00am - 5:00pm
2 Day Pre-Conference Training: Web Application Defender's Cookbook: LIVE

Sign up or log in to save this to your schedule and see who's attending!

2 Day Class running Monday Nov 18 and Tuesday Nov 19

Can you answer these questions? • Are your web applications secure?
• Do you know how to lock down new web applications when they are placed into production?
• Do you know if/when attackers are trying to break into your site and steal data or cause other harm?
• Do you know if/when attackers are attacking other web application users?

If you can not confidently answer yes to all of these questions then this is the class for you!  This 2-day bootcamp is based on the popular book "Web Application Defender's Cookbook: Battling Hackers and Protecting Users" written by the class trainer Ryan Barnett.  Copies of the book will be provided to all participants and will be used as the basis for the courseware material.  The class is tailored for web application defenders (operational security personnel) who are charged with protecting live web applications.  The training will provide answers to these questions and increase your ability to identify and thwart malicious activities within your web applications.
You will learn the following skills: • Implement full HTTP auditing for incident response
• Utilize virtual patching processes to remediate identified vulnerabiities
• Deploy web tripwires (honeytraps) to identify malicious users
• Detect when users are acting abnormally
• Analyze uploaded files and web content for malware
• Recognize when web applications leak sensitive user or technical data
• Respond to attacks with varying levels of force

Tools:
Each student will need to bring their own laptop with VMware installed.  For hands-on lab exercises, we will utilize the OWASP Broken Web Applications VM project as it already has many vulnerable target web applications.  OWASPBWA also includes the cross-platform (Apache, IIS and Nginx), open source ModSecurity Web Application Firewall (WAF) and OWASP ModSecurity Core Rule Set (CRS) which is the tool that we will be using for our labs exercises to implement our defenses.

Speakers
avatar for Ryan Barnett

Ryan Barnett

Lead Security Researcher, Trustwave SpiderLabs
Ryan C. Barnett is renowned in the web application security industry for his unique expertise. After a decade of experience defending government and commercial websites, Ryan joined Trustwave SpiderLabs Research Team. He specializes in application defense research and leads the open source ModSecurity web application firewall project. | | In addition to his commercial work at Trustwave, Ryan is also an active contributor to many... Read More →


Tuesday November 19, 2013 9:00am - 5:00pm
Odets (4th Floor) NY Marriott Marquis

Attendees (31)