• No notifications yet.
  • Sign Out
logo image
  • logo image
Registered User? Login
Forgot Password?
Sign Up
loader image
New User? Sign Up
Forgot Password?
Login
loader image

    Tech Track Day, October 17

    On October 17, from 9 am to 4 pm, we will be hosting our first tech track day, which was created based on feedback gathered last year from members. The instruction will consist of two topics:


    Discovering Flaws and Bugs - A Better Way to Integrate BSIMM AA and PT Activities

    Penetration testing (BSIMM PT) and secure code review (BSIMM CR) can uncover many types of security issues in an application; however, there are gaps that simply cannot be found with these traditional analysis techniques. Threat modeling discovers potential weaknesses in system design, but threat modeling alone may not determine whether a given weakness is exploitable. That’s why savvy testers use threat modeling results to inform penetration testing, SAST, fuzzing, and other security testing methods and determine whether an identified weakness is exploitable and the impact of that exploitation.

    This course introduces Synopsys’ threat modeling process and methodologies to teach students how to identify the assets, security controls, and threat agents for a given system. Students use this information to create a prioritized list of attacks and propose appropriate mitigations by performing the threat model process in a hands-on learning activity. The course then looks at the most important security defects found in web applications, covering some issues in the latest Open Web Application Security Project (OWASP) Top 10 (2017). Each topic describes a vulnerability and provides discovery techniques and demonstrations.

    The culmination of the course is a hands-on activity using information about the design of the system gained from the threat model exercise to uncover vulnerabilities during a Capture-The-Flag-style lab. 

    Objectives

    After successfully completing this course, the student will be able to:

    • Describe the threat modeling process and methodology
    • Use the threat modeling approach for analyzing applications and systems
      • Describe how to relate assets, security controls, and threat agents
      • Understand steps to produce a report describing potential attacks and mitigations
    • Recognize the details of, and the causes behind, common secure coding errors and mistakes in web applications
    • Understand how these software security defects are exploited


    Tech Track is one day of instruction for $850, including hotel for the night before, October 16, and breakfast and lunch.


    Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aenean commodo ligula eget dolor. Aenean massa. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Donec quam felis, ultricies nec, pellentesque eu.

Powered by  Bizzabo
Looking for your ticket? Contact the organizer
Powered by  Bizzabo
Looking for your ticket? Contact the organizer