Workshop Topic Details:
Web App Pentesting OWASP Top 10
We'll walk through exploiting the most common vulnerabilities listed on the OWASP Top 10 (for example, SQL injection, cross-site scripting and cross-site request forgery) using industry-standard testing tools on a vulnerable web app (Vicnum) written by Nicole Becher.
We're excited to have Nicole Becher as our guest instructor. Nicole is a Senior Auditor at CipherTechs, Inc., a security solutions company based in New York City. She specializes in application security, penetration testing and computer forensics. She previously worked for a financial regulator on a variety of projects, including assessing the cyber readiness of large and complex financial institutions and drafting formal cyber regulations, and was on the team that drafted the first regulatory framework for Bitcoin/virtual currency companies. Nicole is also an adjunct instructor at New York University, teaching courses on offensive and defensive computer security, intrusion detection, web application security and computer forensics. Her research interests include malware analysis, cryptography, hardware programming, web application security, cyber crime and cyber laws/regulation. Nicole is also a fellow of the Madison Policy Forum, a cyber-security-focused policy group bridging military, government and industry. She is a contributor to the OWASP (Open Web Application Security Project) community and wrote vulnerable software for the “capture the flag” contest at AppSecUSA 2013.
Bonus: get your resume ready. CipherTechs is hiring all levels (including entry level).
For Every Workshop:
This is a hands-on workshop where you will put into practice those things you may have read about or covered in a class. This is also a great opportunity to meet other like-minded women and to keep your skills fresh if you're a veteran! You will also earn continuing education credits towards your certification renewal.
Every workshop progresses from beginner through advanced topic material. Beginners are encouraged to watch and learn as much as possible even though you might not have a clue. Exposure to new tools and techniques by watching will advance your learning process a lot more quickly than trying to learn on your own. You will get to ask questions and see how it's done in the real world. Advanced attendees are encouraged to share their knowledge and experience and help answer "noob" questions as much as possible.
1200 - 100: Set-up, introductions, and lunch (included)
100 - 600: Training
(Please note that this will be active workshop time - if you have not completed set-up it will be challenging to follow along.)
600 - ? Dinner/Drinks @ Fraunces Tavern. We'll head out after the workshop to mingle.
Basic IT knowledge.
A good attitude and willingness to learn.
Remote and Male Associate Member Participation:
Register online. Once registered, you'll receive the meeting participation info by email the day before the workshop. Expect to join 15-30 minutes prior to test your technical configurations.
- Laptop with Kali installed in a virtual machine. Please request assistance with prep - we're happy to help. We don't have time at the workshop to troubleshoot. No need to reinstall if you already have it.
[Easy install: import the OVA file into VirtualBox or VMware Player. Kali 64-bit or Kali 32-bit.]
Full/Student/Military Member: $35
Associate Member and Remote Attendee: $15
CTA Member: FREE with code
Free (non-paying) Member: $50
Thinking we (DC folks) can carpool on Sept 11 and head back after dinner on Sept 12. More info on that when you register.