Wednesday, June 26 • 9:00am - 5:00pm
3-Day Training: Application Security Training with Jim Manico (In person and online option)

Training courses require a ticket purchased separately from conference tickets.
Student tickets are only applicable to conference dates, not training.
This course is available in person and online.

Core Modules
00-00 Introduction to Application Security (1 hr): Goals and Threats in AppSec
00-01 Input Validation Basics (1 hr): Allowlist Validation, Safe Redirects
00-02 HTTP Security Basics (1.5 hrs): Response/Request Headers, Verbs, Secure Transport Basics
00-03 SOP and CORS (1 hr): Same-Origin Policy, Cross-Origin Resource Sharing Security
00-04 API and REST Security (2 hrs): REST Design, XML, XXE, JSON, API Access Control
00-05 Microservice Security (2 hrs): Security Architectures in Microservices
00-06 JSON Web Tokens (JWT) (1 hr): Addressing JWT Security Challenges
00-07 SQL and Other Injections (1.5 hrs): Parameterized Queries, Secure Database Configurations, Command Injection
00-08 Cross-Site Request Forgery (1.5 hrs): CSRF Defenses for Various Architectures
00-09 File Upload and File I/O Security (1 hr): Secure File Upload, File I/O Security
00-10 Deserialization Security (0.5 hr): Safe Deserialization Practices
00-11 Artificial Intelligence Security (1-8 hrs): Securing AI Implementations, Full Course
00-12 Third-Party Library Security Management (1 hr): Ensuring Third-Party Library Security
00-13 Introduction to Cloud Security (1 hr): Basics of Cloud Security Management
00-14 Introduction to iOS and Android Security (1 hr): Mobile Security Fundamentals

Standards
01-00 OWASP Top Ten (1-4 hrs): Top Ten Web Security Risks
01-01 Introduction to GDPR (1 hr): European Data Privacy Law
01-02 OWASP ASVS (1 hr): Comprehensive Secure Coding Standard
01-03 OWASP Top Ten Proactive Controls (1 hr): Web Security Defense Categories
01-04 PCI Secure SDLC Standard (1 hr): Credit Card SDLC Requirements

User Interface Security
02-00 XSS Defense (2 hrs): Client-Side Web Security
02-01 Content Security Policy (1 hr): Advanced Client-Side Web Security
02-02 Content Spoofing and HTML Hacking (0.5 hr): HTML Client-Side Injection Attacks
02-03 React Security (1 hr): Secure React Application Development
02-04 Vue.js Security (1 hr): Secure Vue.js Application Development
02-05 Angular and AngularJS Security (1 hr): Secure Angular Application Development
02-06 Clickjacking (0.5 hr): UI Redress Attack Defense

Identity & Access Management
03-01 Authentication Best Practices (1.5 hrs): Web Authentication Practices
03-02 Session Management Best Practices (1.5 hrs): Web Session Management Practices
03-03 Multi-Factor Authentication (1 hr): NIST SP-800-63 Compliant MFA Implementation
03-04 Secure Password Policy and Storage (1 hr): Secure User Password Policy and Storage
03-05 Access Control Design (1 hr): ABAC/Capabilities-Based Access Control
03-06 OAuth2 Security (1 hr): OAuth2 Authorization Protocol
03-07 OpenID Connect Security (1 hr): OpenID Connect Federation Protocol

Crypto Modules
04-00 Secrets Management (1 hr): Key and Credential Storage Strategies
04-01 HTTPS/TLS Best Practices (1 hr): Transport Security Introduction
04-02 Cryptography Fundamentals - Part 1 (4 hrs): Terminology, Steganography, Attacks, Kerckhoffs's Principle, PFC
04-03 Cryptography Fundamentals - Part 2 (4 hrs): Hash Functions, Symmetric Cryptography, Randomness, Digital Signatures

Process
05-00 DevOps Best Practices (1 hr): DevOps and DevSecOps with a CD/CI Focus
05-01 Secure SDLC and AppSec Management (1 hr): Managing Secure Software Processes

Additional Topics
06-00 User and Helpdesk Awareness Training (1 hr): Security Awareness for Non-Technical Staff
06-01 Social Engineering for Developers (1 hr): Developer Protection Against Social Engineering
06-02 Application Layer Intrusion Detection (0.5 hr): Detecting App Layer Attacks
06-03 Threat Modeling Fundamentals (1 hr): Security Design via Threat Modeling
06-04 Forms and Workflows Security (0.5 hr): Secure Handling of Complex Forms
06-05 Java 8/9/10/11/12/13+ Security Controls (1 hr): Java Security Advances
06-06 Logging and Monitoring Security (0.5 hr): Security-Focused Logging
06-07 Subdomain Takeover (1 hr): Preventing Subdomain Takeover Scenarios
06-08 Laravel and PHP Security (1 hr): Focus on PHP Security

Lab Options
07-00 Competitive Web Hacking LABS (1-4 hrs): Hands-on Web Hacking Labs
07-01 Competitive API Hacking LABS (1-4 hrs): Hands-on API Hacking Labs
07-02 Secure Coding Knowledge LABS (4 hrs): Hands-on Secure Coding Labs

Speakers
Jim Manico

Founder, Manicode Security
Jim Manico is the Founder of Manicode Security, a company dedicated to providing expert training in secure coding and security engineering to software developers. His work at Manicode Security reflects his deep commitment to elevating software security standards in the industry. In...


Wednesday June 26, 2024 9:00am - 5:00pm WEST