JAX DevOps, 21-24 April 2020
The Conference for Continuous Delivery, Microservices, Docker & Clouds

Workshop: how to master your offensive Security Toolstack [SOLD OUT]

Workshop
Infos
Tuesday, May 14 2019
09:00 - 17:00
Booking note:
Web Security Workshop

Once you’ve completed this workshop, you’ll have practical experience of carrying out manual and automated attacks on web apps. You can transfer these skills to your own software development work and increase the security of your projects in the long term.

In this hands-on penetration testing workshop, we’ll take on the role of a pen tester and attack the training web app one step at a time. You’ll learn how to work with professional security tools through a range of practical tasks. You’ll also learn pen testers’ general approach for attacking web apps. Of course, we’ll also deal with defensive measures for closing the security holes found. However, our focus will remain on the systematic use of professional hacking tools for carrying out security analyses.

As a second objective of this workshop, you will learn what type of security checks can be automated and how this DevOps-style automation of security checks within build chains is best done.

During the course we will attack a prepared demo web-application using tools and techniques available in the Kali Linux VM. Aside from finding vulnerabilities inside this demo application, we will also use tools to escalate them into even more critical vulnerabilities during post-exploitation. 

Besides being used manually to find and exploit security vulnerabilities, most of these tools can also be run in fully automated ways, which makes them a good fit for DevOps architectures and a way to enrich CI/CD pipelines with security checks.

The target audience for this hands-on workshop is developers interested in security, as well as test engineers / QA who want to include security tests in their testing arsenal and widen their toolset.

No special or in-depth development or security knowledge is required to attend this workshop, but some experience with the Linux shell is definitely helpful.

As this workshop is a tutorial-rich day, there are a couple of basic requirements that need to be met if you’d like to take part in the practical tasks:

•    A laptop computer running a pre-installed copy of the “Kali Linux” VM. This Linux distro, which is designed for pentesters, can be downloaded for free from https://kali.org as a VMWare image (recommended), as a VirtualBox image, or as an ISO image file. So that you don’t have to wipe all the data on your laptop, it is, of course, perfectly OK to install it into a virtual machine. Because of the time the installation takes, I strongly recommend that you install Kali Linux into a VM on the laptop you’ll be bringing along, so that you have a runnable copy of it before you attend the workshop.
•    Fundamental (basic) knowledge of working with the Linux command line is definitely helpful. But don’t worry, no deep Linux knowledge is required to be able to follow the supervised tutorials. You just shouldn’t be afraid of the bash shell and the command line interface.
•    At the workshop, I’ll share the training web app via a separate download link (approx. 30 MB) or USB stick — which we’ll then use and attack in the Kali VM.

And for those without a laptop computer during the workshop: even without one, and so without being able to take part in the practical tasks, you’ll obviously pick up a lot of information from the workshop. If you want to test your knowledge in the scanning and attacking tasks, though, you really should bring along your own laptop.
