Global AppSec Singapore- 04 October - 05 October 2023
Schedule & Trainings
Training subject to change based on trainer availability and meeting the number of students per trainer request.
Pricing SGD 1145.00
API Security Testing 101
In the digital era, APIs serve as critical components of our systems. However, their prominence also makes them prime targets for cyber-attacks and substantial data breaches. This comprehensive one-day training program has been designed to equip participants with an introduction of API security principles, vulnerabilities, and protective measures. The course is a blend of theoretical concepts, case studies derived from real-world incidents, and hands-on exercises. These exercises take the form of an engaging and competitive Capture The Flag challenge, and the winner will be crowned as API Security Champion.
Don’t trust my input- Frontend Security for Developers and Testers
This training focuses entirely on frontend security. For one day we don't look at the backend; instead, we focus on exploiting vulnerabilities in the frontend application to target other users. The course covers various topics, including simple and advanced Cross-Site Scripting XXS, Same-Origin Policy, and browser-based defense mechanisms. Through this training, participants can gain a deeper understanding of frontend security, as well as the intricate behavior of web browsers. This course is highly beneficial for web developers who write frontend or full-stack code, as well as security specialists who primarily focus on backend attacks. Our instructors will teach you how to perform attacks using popular tools such as Burp or OWASP ZAP. We believe that conducting attacks ourselves is the best and most enjoyable way to learn about security. To facilitate this, we provide a lab environment that each participant can use during the training to explore artificial but realistic vulnerabilities. Additionally, we also discuss possible mitigations and how they can be implemented to enhance security.
Hacking Modern Web Apps - Master the Future of Attack Vectors
This session offers participants an interactive introduction to application Threat Modeling and its use as a technique for identifying consequential, Yes, and..., security requirements. A key focus of this course is applying Threat Modeling as a daily practice within your organization's software development processes, to improve the overall quality and security of the applications you build. In addition to addressing key questions around the Five Ws, the presentation will cover the instructor's Seven Questions approach, adapted from Adam Shostack's Four Questions to developing a model, and include several interactive exercises to provide direct experience. A brief review of available modelling tools will also be included, along with a discussion of the opportunities and challenges for introducing Threat Modelling into your SDLC.