Attending this event?
The virtual training classes are 8 hour courses offered in 4-hour blocks over two days. The trainings will begin at 12:00pm MSK (UTC + 3)

OWASP Members save $50 off the cost of a training course. Email events@owasp.com for your member discount code. If you are not an OWASP Member, please consider joining here.


Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Beginner [clear filter]
Tuesday, June 15

12:00pm MSK

Cloud-Native Microservices Security Bootcamp
All developers today are also DevSecOps engineers even if they are not aware of it. In this Bootcamp, you will learn how to secure cloud-native Java microservices. First, we will look into what are the common security risks for server-side applications. Then we will directly dive into the hands-on coding parts to see how we can mitigate those security risks in our own applications. Specifically, we'll see how the security patterns are implemented with the most widely used frameworks Spring Boot (main focus) and Micronaut (partly). In the last part, you will also learn how to implement automated security tests along the testing-pyramid.

Learning Objectives:
- OWASP Top 10 (Web Application Security Risks)
- OWASP API Top 10 - Securing Spring Boot applications
- Securing Micronaut applications - Authentication and Authorization
- Basic Auth, Session Management, MTLS, WebAuthn
- OAuth 2.0 and OpenID Connect
- Configuring HTTPS connections
- Encryption and password hashing
- Security response headers
- Defense against Session Hijacking, SQL injection, XSS, and CSRF
- Securing both blocking servlet-based and non-blocking reactive web applications
- Automated security tests

avatar for Andreas Falk

Andreas Falk

Managing Consultant, Novatec Consulting
Andreas Falk works for Novatec Consulting located in Stuttgart/Germany. For more than 20 years, he has been involved in various projects as an architect, coach, and developer. His focus is on the agile development of cloud-native Java applications. As a member of OWASP and the OpenID... Read More →

Tuesday June 15, 2021 12:00pm - Wednesday June 16, 2021 4:00pm MSK
Zoom - UTC +3

12:00pm MSK

DevSecOps Masterclass - Discoverer Edition
Managing comprehensive security for continuous delivery of applications across organizations continues to remain a serious bottleneck in the DevOps movement. The methodology involved in implementing effective security practices within delivery pipelines can be challenging. This training is designed to give a practical approach of implementing Security across Continuous Delivery Pipelines by leveraging the plethora of cloud offerings and is backed by a ton of hands-on labs, original research and real-world implementations of DevSecOps that work. The training starts with Application Security Automation for SAST, SCA and DAST, apart from Vulnerability Management and Correlation. Finally, the training concludes with leveraging Security Automation in the Cloud with detailed perspectives of implementing scalable security for cloud-native deployments. By the end of this training, attendees will have ideas and hands-on experience to successfully kickoff DevSecOps implementations.

avatar for Nithin Jois

Nithin Jois

Senior Security Solutions Engineer, we45
Nithin Jois dons two hats - Apart from being one of the lead trainers at AppSecEngineer, he is also a Senior Solutions Architect at We45 where he has helped build multiple solutions ranging from Vulnerability management to scalable scanner orchestrating systems that leveraged container... Read More →

Tuesday June 15, 2021 12:00pm - Wednesday June 16, 2021 4:00pm MSK
Zoom - UTC +3