"Vulnerability Management" training programme - " Finding Vulnerabilities ll - Looking into Code"
from
Wednesday, July 14, 2021 (2:00 PM)
to
Wednesday, September 15, 2021 (5:30 PM)
Monday, July 12, 2021
Tuesday, July 13, 2021
Wednesday, July 14, 2021
2:00 PM
Code Audits
Code Audits
2:00 PM - 3:00 PM
"Code audits - how to improve the quality of the code" Software without bugs or vulnerabilities doesn't exist. If your organization runs software development teams they would be aware of the importance of the secure software development lifecycles and relating subjects. This webinar will introduce some basic concepts as well as tools that help developers to identify bugs before the software goes into production. What you will learn: What are code audits? Why code audits? Planning - How to deal with closed source software? - How to deal with open source software? Tools - Code Scanner - SonarQube - White Source - Coverity? - OWASP Dependency Check Fuzzing/Fuzzer - Web apps: - OWASP ZAP-Proxy - Burp suite - Microsoft One Fuzz https://github.com/microsoft/onefuzz Static Application Security Testing (SAST) Tools Dynamic Application Security Testing (DAST) Tools (Primarily for web apps) Interactive Application Security Testing (IAST) Tools - (Primarily for web apps and web APIs) Static Code Quality Tools Duration: 1 hour Presenter(s)/Facilitator(s): Stefan Kelm, DFN-CERT Affiliation (WP/Task): WP8 Task 1 Authors (content is created by): Tobias Dussa, Klaus Möller, DFN-CERT
Thursday, July 15, 2021
Friday, July 16, 2021
2:00 PM
Vulnerability Disclosure
Vulnerability Disclosure
2:00 PM - 3:00 PM
"Responsible Disclosure – Letting the cat out of the bag" So you have found vulnerabilities in other people's code. Or other people have found vulnerabilities in your own code. Either way: how to handle the situation? In the long run, trying to keep information about the vulnerability under wraps is unlikely to work, so in this module, we will cover some aspects and strategies of how to approach this issue. What you will learn: - Concepts - Vulnerability handling - Vulnerability disclosure - Exploitation - Advisories Defining Vulnerability policies How to report vulnerabilities to others (Vulnerability reporting) - CVE CNA - Coordinating vulnerability activities Receiving vulnerability information Duration: 1 hour Webinar Host: Pauline Smith (GLAD) Presenter(s)/Facilitator(s): Tobias Dussa, DFN-CERT Affiliation (WP/Task): WP8 Task 1 Authors (content is created by): Stefan Kelm, Klaus Möller DFN-CERT
Saturday, July 17, 2021
Sunday, July 18, 2021
Monday, July 19, 2021
Tuesday, July 20, 2021
Wednesday, July 21, 2021
Thursday, July 22, 2021
Friday, July 23, 2021
Saturday, July 24, 2021
Sunday, July 25, 2021
Monday, July 26, 2021
Tuesday, July 27, 2021
Wednesday, July 28, 2021
Thursday, July 29, 2021
Friday, July 30, 2021
Saturday, July 31, 2021
Sunday, August 1, 2021
Monday, August 2, 2021
Tuesday, August 3, 2021
Wednesday, August 4, 2021
Thursday, August 5, 2021
Friday, August 6, 2021
Saturday, August 7, 2021
Sunday, August 8, 2021
Monday, August 9, 2021
Tuesday, August 10, 2021
Wednesday, August 11, 2021
Thursday, August 12, 2021
Friday, August 13, 2021
Saturday, August 14, 2021
Sunday, August 15, 2021
Monday, August 16, 2021
Tuesday, August 17, 2021
Wednesday, August 18, 2021
Thursday, August 19, 2021
Friday, August 20, 2021
Saturday, August 21, 2021
Sunday, August 22, 2021
Monday, August 23, 2021
Tuesday, August 24, 2021
Wednesday, August 25, 2021
Thursday, August 26, 2021
Friday, August 27, 2021
Saturday, August 28, 2021
Sunday, August 29, 2021
Monday, August 30, 2021
Tuesday, August 31, 2021
Wednesday, September 1, 2021
Thursday, September 2, 2021
Friday, September 3, 2021
Saturday, September 4, 2021
Sunday, September 5, 2021
Monday, September 6, 2021
Tuesday, September 7, 2021
Wednesday, September 8, 2021
Thursday, September 9, 2021
Friday, September 10, 2021
Saturday, September 11, 2021
Sunday, September 12, 2021
Monday, September 13, 2021
Tuesday, September 14, 2021
Wednesday, September 15, 2021
2:00 PM
Breach and Attack Simulation
Breach and Attack Simulation
2:00 PM - 3:00 PM
Date of delivery: Wednesday, 08th of September 2021 "Break and Attack Simulation - matching attacker behaviour with vulnerabilities" Breach and Attack Simulation (BAS) is a relatively new approach to vulnerability assessment that goes beyond simple scoring of vulnerabilities by also taking the modus operandi of adversaries into account. This webinar will give an introduction into the topic and present some open source tools to do BAS. What you will learn: What is ... Why ... Planning Tools - Infection Monkey - Metta adversarial simulation tool (Uber) - Flight SIM (AlphaSOC) - Red Team Automation (Endgame) - Atomi Red Team (Red Canary) Duration: 1 hour Webinar Host: Pauline Smith (GLAD) Presenter(s)/Facilitator(s): Klaus Möller, DFN-CERT Affiliation (WP/Task): WP8 Task 1 Authors (content is created by): Stefan Kelm, Tobias Dussa, DFN-CERT