LASCON 2024 Training

L ASCON Trainings are events held in conjunction with the LASCON conference. Trainers are highly respected and experts in their field. Typically, the trainers have presented at several other quality events unrelated to OWASP, like Black Hat or other industry events. For LASCON 2024, the training offerings are both two day and one day trainings - please check the training you are signing up for the length.

Building Your Own AI Cybersecurity Strategy: A Comprehensive & Practical Guide for Business Executives and Security Leaders

Trainer: Mano Paul

Abstract:

This one-day engaging training course is tailored for executives and security management leaders responsible for developing and implementing AI cybersecurity strategies within their organizations. This includes Business and Security Management Leaders and Executives (E.g., CEO, CTO, CIOs, CISOs, CDO, CAIO, Directors, Managers, and Senior Architects).

The course provides a strategic overview of AI cybersecurity, addresses the unique risks associated with AI technologies, and offers practical guidance on building a robust AI security framework. Attendees will learn to align AI cybersecurity initiatives with business objectives and regulatory requirements, with a focus on mitigating risks associated with AI threats and attacks. A final facilitated exercise will introduce the attendees to an AI SECURE Strategy framework, which they will use to build their own AI security strategy that they can take back to their companies to implement.

Trainer Bio:

Mano Paul, a seasoned cybersecurity professional with over 24 years of experience, focuses on AI security. He has delivered keynotes and talks, and conducted training sessions, globally, including at OWASP and RSA conferences. As a published author, his works include 'The Official ISC2 Guide to the CSSLP' and 'The 7 Qualities of Highly Secure Software'. Currently serving as CEO of PRISMAGuard LLC, he provides fractional cybersecurity management advisory and AI security education/training worldwide. With past leadership roles as CTO, Chief Strategies for companies like Driven Brands, GM, and Dell, Mano excels in deploying cutting-edge scalable and secure technology solutions. His expertise spans autonomous vehicles, Blockchain, IoT, and application security. Married to Sangeetha Paul, he enjoys family time and practices Shaolin Do Kung Fu with his sons, Reuben and Ittai. Alongside his passion for cybersecurity, he loves running, gaming, traveling (having visited 30+ countries), and serving his local church.

Hacking APIs - A Beginners Guide to Testing API Security

Trainer: Jason Kent

Abstract:

During this course you will learn the dynamic nature of hacking an API and testing for OWASP Top 10 API Vulnerabilities. In this class each student has been assigned an API to test the security of. The environments are single to each student and allow for the application to be tested over and over without disruption to one another. At the end of the course each student will get a POSTMAN collection of API testing scenarios that can be adapted when they get back to the office.

Trainer Bio:

Working as a wifi hacker and trainer I started my training career in corporate training at UUNet. I have had several roles building out training programs and have contributed to this API Hacking Postman Collection for the last year here at Cequence.

AI SecureOps: Attacking & Defending GenAI Applications and Services

Abhinav Singh

Abstract:

Acquire hands-on experience in GenAI and LLM security through CTF-styled training, tailored to real-world attacks and defense scenarios. Dive into protecting both public and private GenAI & LLM solutions, crafting specialized models for distinct security challenges. Excel in red and blue team strategies, create robust LLM defenses, and enforce ethical AI standards across enterprise services. This training covers both "Securing GenAI" as well as "Using GenAI for security" for a well rounded understanding of the complexities involved in AI-driven security landscapes.

Trainer Bio:

Abhinav Singh is an esteemed cybersecurity leader & researcher with over a decade of experience across technology leaders, financial institutions, and as an independent trainer and consultant. Author of "Metasploit Penetration Testing Cookbook" and "Instant Wireshark Starter," his contributions span patents, open-source tools, and numerous publications. Recognized in security portals and digital platforms, Abhinav is a sought-after speaker & trainer at international conferences like Black Hat, RSA, DEFCON, BruCon and many more, where he shares his deep industry insights and innovative approaches in cybersecurity. He also leads multiple AI security groups at CSA, responsible for coming up with cutting-edge whitepapers and industry reports around safety and security of GenAI.

2 Day Training: Hacking Modern Web apps: Master the Future of Attack Vectors

Abraham Aranguren & Anirudh Anand

Abstract:

This course is the culmination of years of experience gained via practical penetration testing of Modern Web applications as well as countless hours spent doing research. We have structured this course around the OWASP Security Testing Guide, it covers the OWASP Top Ten and specific attack vectors against Modern Web apps. This course provides participants with actionable skills that can be applied immediately from day 1.

Please note our courses are 100% hands-on, we do not lecture students with boring bullet points and theories, instead we give you practical challenges and help you solve them, teaching you how to troubleshoot common issues and get the most out of this training. Training then continues after the course through our frequently updated training portal, for which you keep lifetime access, as well as unlimited email support.

Get a FREE taste for this training, including access to video recording, slides and vulnerable apps to play with: 1 hour workshop:

https://7asecurity.com/free-workshop-web-apps

Light on the theory, heavy on the practice, each day starts from the basics but quickly complicates things to uncover fun attacks and edge cases that will surprise many. Each day covers static analysis, dynamic checks and finishes off with a nice CTF session to test the skills gained.

Day 1: Focused specifically on Hacking Modern Web Apps: We start with understanding Modern Web Apps and then deep dive into static and dynamic analysis of the applications at hand. This day is packed with hands-on exercises and CTF-style challenges.

Day 2: Dedicated to Advanced Modern Web App Attacks: We cover advanced attacks specifically targeting the Modern Web App and other platforms such as dumping memory, prototype pollution, deserialization attacks, OAuth, JWT flaws and more. The day is full of hands-on exercises and ends with CTF-style open challenges for additional practice.

Trainer Bio:

Abraham Aranguren

After 15 years in itsec and 22 in IT Abraham is now the CEO of 7ASecurity (7asecurity.com), a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Co-Author of the Mobile, Web and Desktop (Electron) app 7ASecurity courses. Security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other events. OWASP OWTF project leader, an OWASP flagship project (owtf.org), Major degree and Diploma in Computer Science, some certs: CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, Security+. As a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. He writes on Twitter as @7asecurity @7a_ @owtfp or https://7asecurity.com/blog. Multiple presentations, pentest reports and recordings can be found at https://7asecurity.com/publications

Anirudh Anand

Anirudh Anand is a security researcher with a primary focus on Web and Mobile Application Security. He is currently working as a Principal Security Engineer at CRED and also Security Trainer at 7asecurity. He has been submitting bugs and contributing to security tools for over 9 years. In his free time, he participates in CTF competitions along with Team bi0s (#1 security team in India according to CTFtime). His bounties involve vulnerabilities in Google, Microsoft, LinkedIn, Zendesk, Sendgrid, Gitlab, Gratipay and Flipboard.

Anirudh is an open source enthusiast and has contributed to several OWASP projects with notable contributions being in OWTF and Hackademic Challenges Project. He has presented/trained in a multitude of conferences including BlackHat US 2020, OWASP NZ 2021, HackFest CA 2021, c0c0n 2019, BlackHat Arsenal 2019, BlackHat Europe Arsenal 2018, HITB Dubai 2018, Offzone Moscow 2018, Ground Zero Summit Delhi 2015 and Xorconf 2015.

OWASP in Action: ASPM with OWASP Projects

Harold Blankenship & Tracy Walker

Abstract:

If you are facing the challenge of Application Security Posture Management (ASPM) amidst a plethora of applications and issues, this course is designed to streamline the process using OWASP’s open source projects, optimized for DevSecOps workflows. Over the span of two days, you’ll engage in interactive lectures and labs that showcase the effective application of OWASP tools, as previously implemented by seasoned AppSec teams. Recognizing that the size of AppSec teams is often a limiting factor, the course emphasizes automation of routine tasks to free up your time for more complex problem-solving. Upon completion, you will be equipped with a comprehensive set of strategies and tools to enhance your AppSec initiatives through automation and the integration of OWASP projects, all delivered at DevSecOps pace. The instructors, with over two decades of industry and OWASP project experience, offer practical, proven guidance for achieving success in ASPM.

Trainer Bio:

Harold Blankenship

Harold Blankenship is an open source cybersecurity aficionado who likes to see the proliferation of good open source solutions to everyday application security problems. As the previous Director of Technology and Projects at OWASP, Harold is knowledgeable in and has been a staunch supporter of the various OWASP projects used in this training. Harold is now the Director - Community & Customer Success with DefectDojo, Inc. and is also Vice chair of the OWASP Events Committee.

Harold received his Bachelor of Science degree in Computer Science from Texas State University and his Master of Science in Cybersecurity from New York University.

Tracy Walker

Tracy Walker is a Sr. Security Engineer with over 30 years experience in Information Technology delivering software and technology projects from start-ups to Fortune 50. As a Defect Dojo solution specialist, Mr. Walker assists organizations centralizing and automating their security risk & vulnerability management. Walker has been selected to speak on zero trust and other security topics including RSA 2023 Conference San Francisco, API Days 2023 Hong Kong, GoSec 23 Montreal, and SUSECon 23 Munich.

Host or Publisher OWASP Foundation