This August we will be at Black Hat USA 2022 to conduct training on 'PURPLE-TEAM AWS: 2022 EDITION'.
KEY TAKEAWAYS:
* Each lab has an Attack-Detect-Defend structure, where the student gets a 360-degree perspective of cloud security on AWS. They learn the vulnerabilities and exploit possibilities. They learn the detection capabilities that they can deploy to identify these attacks. In addition, they explore defences that address the security shortcomings of each scenario in detail.
* Participants get exposure to multiple types of stacks deployed on Amazon Web Services (AWS). This is rooted in practicality as organizations are rapidly evolving their stack to suit cloud-native environments. This makes the class future-proof.
In this exclusive snippet of the AppSecEngineer Podcast featuring guest Mark Willis from Bluescape, Mark talks about how he approaches hiring new talent for a small company.
Watch the full video here: https://www.youtube.com/watch?v=GJ_PVglEJvQ&t=242s
Without the brand name or financial resources to hire the 'best of the best', how can small companies find and hire new talent and maintain a high standard of security competency?
According to Mark, it's not about looking for people who have the best skills or the most experience (most of them will already be hired somewhere else). Instead, you should look for candidates who can show they have the potential and willingness to learn and grow as professionals.
----------------
AppSecEngineer is a powerful training platform that delivers amazing hands-on training on AppSec, AWS Security, Cloud Security, Kubernetes, Container Security and Advanced Application Security.
#AppSecEngineer is ideal for jobseekers, knowledge seekers and companies that want to get their workforce equipped to handle real-world security issues with their newly minted and highly educated AppSec Engineers.
Learn more about us at: https://appsecengineer.com
Twitter: https://twitter.com/AppSecEngineer
Linkedin: https://www.linkedin.com/company/appsecengineer/
...
https://www.youtube.com/watch?v=TAi5HpX8aWk
As we move into a new age of computing, application security, and product engineering, it's important to anticipate imminent shifts in technology. Artificial Intelligence (AI), quantum computing, and serverless increasingly dominate the software landscape. Given a few years, they may even come to dominate the processes of software development, cloud hosting, and security automation.
In this short clip, Keith Hoodlet talks about what he believes will be the next step for application security.
#applicationsecurity #podcast #AppSecEngineer
Learn more about Application Security and DevSecOps at- https://appsecengineer.com/
Explore the course plans and free trial at- https://appsecengineer.com/pricing/
Watch the full interview here: https://www.youtube.com/watch?v=S0Kx-Ct6aVg
...
https://www.youtube.com/watch?v=kRXqIEuntDs
In this broadcast, Abhay looks at the week that was. We'll be exploring the interesting stories, articles and viewpoints in AppSec from the last week.
#confluenceRCE #AppSecNews #AppSecEngineer
...
https://www.youtube.com/watch?v=QMZT6GPa4ig
Learn more: https://www.appsecengineer.com/
Get your team hands-on training in security: https://www.appsecengineer.com/main-menu-pages/teams
Check out our Secure Coding Collection: https://www.appsecengineer.com/secure-coding-collection
2023 has had some of the most devastating cyberattacks and data breaches ever recorded. Is this what the future of tech is going to look like?
Not if we can help it! In this video, Aneesh Bhargav goes over the 12 biggest cyberattacks in the last year: attacks that have targeted healthcare, finance, government organisations and more.
By examining the various exploits and techniques used by hackers, we can learn how to better defend ourselves against cybercrime and prevent millions of dollars in lost revenue and customer trust.
...
https://www.youtube.com/watch?v=cVVBwcJu4Po
Mass Assignment is a powerful Authorization Vulnerability that has been used by researchers and attackers to compromise popular sites like GitHub in the past. Mass Assignment relies on attackers being able to discover and tamper with parameters that are passed through to the server side. Attackers identify and exploit insecure implementations of authorization that are caused by developer error in validating and handling parameters in popular #MVC (Model View Controller) frameworks.
#MassAssignment was made popular when GitHub, a Ruby on Rails application, was compromised. However, this vulnerability affects apps across languages and frameworks alike. More recently, Mass Assignment has been quite a serious vulnerability against APIs, including REST and GraphQL. In fact, it has become one of the key items in the OWASP #APISecurity Top 10 over the last year.
In this video, Abhay explores Mass Assignment in typical #AppSecEngineer style. He explains what Mass Assignment is, and how it can affect your application and API. Subsequently, he demonstrates a Mass Assignment attack against a NodeJS Express Web API using the Mongoose ODM. After that, he walks us through some of the key parameters of defense against Mass Assignment.
#Securityengineerinterviewquestions
Chapters:
0:00 - Intro
1:07 - What is Mass Assignment?
8:09 - Exploiting and Defending Mass Assignment Demo
...
https://www.youtube.com/watch?v=Vtin8bdBk5g
One lucky winner will win the DevSecOps Bundle on AppSecEngineer!
Join the giveaway here: https://forms.gle/wiDYyn95CKXba5267
In this live Friday Fireside chat, we're joined by Het Mehta, associate security analyst at Accops.
We'll be going head-to-head against him, setting up complex defensive security scenarios. As a red-teamer and offensive security expert, it's his job to figure out how to break the defensive measures we've set up!
This is totally different from anything we've done yet, so strap in for an exciting 30 minutes of on-the-fly security problem-solving!
...
https://www.youtube.com/watch?v=GRj6q57Vnc0
Learn more at: https://www.appsecengineer.com/security-architect
Security architecture is all about ensuring security at every stage of the SDLC: right from design, coding, and testing, to deployment and maintenance.
Hands-on AppSec training is essential to building a culture that prioritizes security without slowing down your pace of development.
Develop a security strategy that can achieve all three: resilience, efficiency, and long-term sustainability.
With AppSecEngineer, you get nearly 60 courses and 800+ hands-on labs in AppSec, AWS security, DevSecOps, Kubernetes and more.
Learn how to build long-term security strategies with AppSecEngineer: https://www.appsecengineer.com/security-architect
Understand how AppSecEngineer can get your entire product team competent in 8 domains of AppSec: https://www.appsecengineer.com/main-menu-pages/teams
#appsec #pentesting #aws #devsecops #security #appsecengineer #applicationsecurity #securitytraining #securityengineer #devops #cloudsecurity #cloud
...
https://www.youtube.com/watch?v=tXlmMZM_xTQ
Register here: https://sectrain.hitb.org/courses/attacking-the-application-supply-chain-hitb2023ams/
We're coming to HITB SecTrain 2023 in Amsterdam! We're bringing back our smash-hit course, Attacking the Application Supply Chain, which was sold out at Black Hat USA 2022.
Learn about server-side and client-side dependencies, containers, CI/CD Tools, and more.
KEY TAKEAWAYS:
* Understanding the various supply chain elements and risks to those supply-chain elements for any given application
* A deep-dive story-based red-team perspective with intricate hands-on labs, meant to encourage realistic learning and approaches that participants can use at their job from the day after they complete this training
* Supply-chain risk is multi-faceted. This training explores a wide variety of attack and defense possibilities against supply-chain security
WHO SHOULD TAKE THIS COURSE:
* Pentesters
* Red-Teamers
* DevSecOps Professionals
* DevOps Professionals
* Cloud Security Pros
* Application Security Managers
Register here - https://www.blackhat.com/eu-22/training/schedule/index.html#attacking-the-application-supply-chain-28216
#we45 #applicationsecurity #attackingstrategy #software #supplychain #security
...
https://www.youtube.com/watch?v=3OYtzpOuYPU