AppSecUSA 2015 has ended
AppSecUSA 2015 - Buy ticket at http://2015.appsecusa.org/buy/
Back To Schedule
Tuesday, September 22 • 11:00am - 12:30pm
Training (2 days): Hands-on Auditing of the OWASP Application Security Verification Standard

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Note: This is a two day course from Tues 2015-09-22 - Wed 2015-09-23

The OWASP Application Verification Standard provides great guidelines which help us develop secure applications. However, nobody is perfect. How do we audit to ensure we are following these standards consistently? This hands-on training provides examples of how to audit our web-based applications for adherence to the OWASP ASVS using the Burp Suite interception proxy and a few other free tools. Learn how to use Burp Suite and how to ensure applications comply with written standards.

All testing will be against targets included on the Samurai WTF distribution which will allow students to follow along with the demonstrations and participate in the hands-on labs. Hands-on labs include auditing horizontal and vertical brute-force controls, XSS and BeEF, CSRF by example, exploiting insecure direct object references and many more.

Who Should Take This Course?
This course is designed for application security professionals, security auditors, quality assurance engineers, and software developers.

What Should Students Bring?
Samurai WTF

avatar for David Hazar

David Hazar

Product Development Security Lead, Oracle Service Cloud
I am all about application security and the need to better secure our applications by not only identifying issues, but training developers to understand these issues and write more secure code. QA engineers also need to understand these issues so they can write meaningful test cases... Read More →

Tuesday September 22, 2015 11:00am - 12:30pm PDT
Pacific I