The virtual training classes are 8-hour courses offered in 4-hour blocks over two days. The trainings will begin at 12:00pm Eastern Time (USA)/6:00pm Central European Time.

Tuesday, January 26

12:00pm EST

Modern Web Application Hacking for Beginners (4 hr, 1-Part Course)
In this beginner-oriented training you can try out attacks against the modern web application OWASP Juice Shop! There are almost 100 hacking challenges waiting to be solved, but in this training we will focus on up to four categories:
  • Cross-Site Scripting
  • Injection
  • Authentication Flaws
  • Authorization Flaws
The training will consist of multiple short teasers on the above vulnerabilities and lots of time for hacking! Your pace is entirely up to you! Some challenges can optionally be tackled in a "swarm-hacking" style together via shared screen on Zoom. Over the entire duration of the training you can get first-hand hints from your trainer in case you get stuck on any challenge.
All participants must install OWASP Juice Shop before the training in a variant of their own choice - please test that the application starts without error! In case of problems with the installation, please check the troubleshooting guide or ask for assistance in the community chat.

NOTE: This free diversity training is made possible by the OWASP Women in AppSec and OWASP Outreach Committees. Attendees must have applied by Jan. 18th to be considered to attend this program.

Bjoern Kimminich

Bjoern Kimminich is responsible for Architecture Governance + Application Security at Kuehne + Nagel. On the side, he gives IT security lectures at the non-profit private university Nordakademie. Björn also is the project leader of the OWASP Juice Shop and a board member for the...

Tuesday January 26, 2021 12:00pm - 4:00pm EST

DevSecOps Workshop: Putting Security Checks into your Build Pipeline (8 hr, 2-Part Course)
This course gives insight into the automation capabilities of security scans, which fit perfectly into many build pipelines. Taking into account frontends (Web) as well as backends (APIs), you will learn what steps of a security analysis can be best automated – and how. By focussing on open-source solutions (OWASP ZAP), you will get a tool arsenal with different automation options ready to test your application's security on every build. During this workshop we will take a typical Jenkins-based CI/CD pipeline with a specially prepared vulnerable training application and enhance it step by step into a full-fledged awesome DevSecOps AppSecPipeline. Every attendee will get an individual Jenkins server in the cloud, ready to use with multiple levels of tool integrations.

Christian Schneider

Christian has pursued a successful career as a freelance Java software developer since 1997 and expanded it in 2005 to include the focus on IT security. His major areas of work are penetration testing, security architecture consulting, and threat modeling. As a trainer, Christian...

Tuesday January 26, 2021 12:00pm - Wednesday January 27, 2021 4:00pm EST