AppSec Europe 2018 has ended
Thursday, July 5 • 11:00am - 11:45am
Remediate The Flag - Practical AppSec Training Platform


Developers aren’t born knowing how to code securely, and appsec training is often boring and does not provide practical examples. For the business, it is usually not possible to assess competency in secure coding, and it is difficult to calculate ROI on security training.
This talk introduces RTF, an open source Practical Application Security Training platform that offers application security focused exercises.
Candidates manually find and remediate the code of a vulnerable application running in a disposable development environment accessed using a web browser. 100% hands-on training, no multiple choice questions involved.
The demo will show the following workflow:
Candidates select an exercise, and the RTF platform provisions a dedicated environment accessed through a web browser. Candidates then find and manually remediate vulnerable code in the RTF instance by referencing the instructions.
Candidates can check in real time whether security issues were successfully remediated; they can take hints which affect their final score.
When the exercise is completed, the platform provides automated results including code diff and logs. An assessor reviews the exercise results and, if necessary (wrong remediation approach), provides additional feedback to the candidate.
It is possible to set up time-boxed tournaments specifying programming languages, developer groups (frontend vs backend, web vs non-web) and target vulnerabilities. Points are used to rank candidates on a “Leaderboard” so that they can compare themselves to their peers.
Full stats are provided at candidate, team and organisation level indicating remediation ratio and time spent on each type of vulnerability and aggregated on category types.
The SDK makes it easy to add new exercises, which are completely customisable to target specific organisation needs.

Speakers
Andrea Scaduto

Andrea is a Senior Penetration Tester and Software Engineer with an MSc in Computer Engineering and several IT Security certifications. He enjoys breaking, building and securing web and mobile applications. He has an extensive knowledge of secure coding techniques and a focus on...


Thursday July 5, 2018 11:00am - 11:45am
St James - 4th Floor QEII Centre Broad Sanctuary, Westminster, London. SW1P 3EE
