Loading…
AppSec Europe 2018 has ended
                                                                                    ***Content is subject to change.***

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Training 2 days [clear filter]
Tuesday, July 3
 

8:00am BST

2-Day Training: Automated Defense using Serverless for AWS, Azure and GCP
Limited Capacity seats available

Monitoring for attacks and defending against them in real-time is crucial. Defending our cloud infrastructure during attacks can prove to nightmare even with the currently available solutions in the market. We live in cloud first era where the cloud is our first choice of deployment due to the convenience and scalability. In this training we will learn how to defend our cloud infrastructure using Serverless technologies and Elastic Stack. Elasticstack will collect, analyse logs and triggers alerts based on configured rule-set. Serverless stack drives the defence to perform automated blocking. It will be configured based on the use case and type of attacks. The currently solution works on AWS, Azure and GCP. It can be extended for other providers and custom solutions like in house firewalls, IPS, etc.
The world is advancing towards accelerated deployments using DevOps and Cloud technologies. Automated defence will solve the modern world security challenges using near real-time alerting system, serverless technologies and centralised monitoring system.
Participants will get
Step by Step Gitbook covering the entire training (html, pdf, epub, mobi) Custom Ansible Playbooks
Automated Defence Solution for AWS, Azure, GCP

Who Should Take This Course:
  • Security Engineers & Analysts
  • SOC Teams
  • DevOps Teams
  • Who is interested in automating security monitoring
Requirements:
  • Able to use Linux CLI
  • Basic understanding of TCP/IP
  • Security Experience would be plus
  • Understanding about different cloud providers will be advantage

Speakers
avatar for Madhu Akula

Madhu Akula

Automation Ninja, Appsecco
Madhu is a security ninja and published author. Madhu’s research papers are frequently selected for major security industry conferences including Defcon 26,24 , Blackhat USA 2018, Appsec EU 2018, All Day DevOps (2016, 2017), DevSecCon (London, Singapore, Boston), DevOpsDays India... Read More →
GL

Gwilym Lewis

CEO, Appsecco
Gwilym is the CEO of Appsecco, an application security consultancy with offices in the UK, Qatar, India, and the USA.Gwilym has long experience in delivering cyber security workshops, seminars and event presentations for technical and  non-technical audiences alike including to the... Read More →


Tuesday July 3, 2018 8:00am - Wednesday July 4, 2018 5:00pm BST
Chaucer- 4th Floor QEII Centre Broad Sanctuary, Westminster, London. SW1P 3EE

8:00am BST

2-Day Training: Pentesting the Modern Application Stack
Limited Capacity seats available

Continuous Build & Deployment tools, Message brokers, Configuration Management systems, Resource Management systems and Distributed file systems are some of the most common systems deployed in modern cloud infrastructures thanks to the increase in the distributed nature of software. Modern day pentesting is no more limited to remote command execution from an exposed web application. In present day scenario, all these applications open up multiple doors into a company’s infrastructure. One must be able to effectively find and compromise these systems for a better foothold on the infrastructure which is evident through the recent attacks on the application stack through platforms like Shodan paving  way for a full compromise on corporate infrastructures.

In this 2 day course we start by looking into red team tactics for pentesting modern application stack consisting of Databases,CI tools, Distributed Configuration & Resource management tools, Containers, Big Data Environments, Search technologies and Message Brokers.

Along with the training knowledge, the course also aims to impart the technical know-how methodology of testing these systems. This course is meant for anyone who would like to know, attack or secure the modern day stack. The students are bound to have some real fun and entirely new experience through this unique course, as we go through multiple challenging scenarios one might not have come across.

During the entire duration of the course, the students are expected to learn the following:
  • Look for vulnerabilities within the application stack.
  • Gain in depth knowledge on how to pentest the modern stack consisting of Continuous Build & Deployment tools, Message broker's, Configuration Management systems, Resource Management systems and Distributed file systems.
  • Security testing of an entire application stack from an end-to-end perspective.

Speakers
avatar for Francis Alexander

Francis Alexander

Security Engineer, Envestnet|Yodlee
Francis Alexander, Security Engineer for Envestnet|Yodlee has over 3+ years of experience in the application security industry, the author of NoSQL Exploitation framework and NoSQL honeypot. His area of interest include NoSQL databases, machine learning and cloud security. He has... Read More →
avatar for Bharadwaj Machiraju

Bharadwaj Machiraju

Senior Information Security Engineer, LinkedIn
Bharadwaj Machiraju is mostly found either building infosec tools or hunting bugs for fame. All tools are available at https://github.com/tunnelshade and all ramblings at tunnelshade.in/@tunnelshade_. He has spoken at few conferences and apart from information security he is interested... Read More →


Tuesday July 3, 2018 8:00am - Wednesday July 4, 2018 5:00pm BST
Shelley- 4th Floor QEII Centre Broad Sanctuary, Westminster, London. SW1P 3EE

8:00am BST

2-Day Training: Web Application Security Essentials
Limited Capacity seats available

In order to protect your web applications, you need to understand how hackers will attack them. This 2-days course combines theory and hands-on practical exercises which will allow participants to learn about common web vulnerabilities such as the ones described in the OWASP Top 10. Participants are given access to a purpose-built web application that contains vulnerabilities discussed during the course and are asked to exploit them using different open source tools and techniques.


Speakers
avatar for Fabio Cerullo

Fabio Cerullo

Fabio Cerullo is an official certified instructor for (ISC)², the global leader in cybersecurity education and certification. Fabio has over 15 years of experience in the information security field gained across a diverse range of industries ranging from financial and government... Read More →


Tuesday July 3, 2018 8:00am - Wednesday July 4, 2018 5:00pm BST
Keats- 4th Floor QEII Centre Broad Sanctuary, Westminster, London. SW1P 3EE