Name: "Vulnerability Management" training programme - " Finding Vulnerabilities ll - Looking into Code"
Start: 2021-07-14T14:00:00+02:00
End: 2021-09-15T17:30:00+02:00
Location: Zoom

Wednesday, 14 July
- 14:00 → 15:00
  
  Code Audits 1h
  
  "Code audits - how to improve the quality of the code"
  
  Software without bugs or vulnerabilities doesn't exist. If your
  organization runs software development teams they would be aware of the importance of the secure software development lifecycles and relating subjects. This webinar will introduce some basic concepts as well as tools that help developers to identify bugs before the software goes into production.
  
  What you will learn:
  
  What are code audits?
  Why code audits?
  Planning
  - How to deal with closed source software?
  - How to deal with open source software?
  Tools
  - Code Scanner
  - SonarQube
  - White Source
  - Coverity?
  - OWASP Dependency Check
  Fuzzing/Fuzzer
  - Web apps:
  - OWASP ZAP-Proxy
  - Burp suite
  - Microsoft One Fuzz https://github.com/microsoft/onefuzz
  Static Application Security Testing (SAST) Tools
  Dynamic Application Security Testing (DAST) Tools (Primarily for web apps)
  Interactive Application Security Testing (IAST) Tools - (Primarily for web apps and web APIs)
  Static Code Quality Tools
  
  Duration: 1 hour
  
  Presenter(s)/Facilitator(s): Stefan Kelm, DFN-CERT
  
  Affiliation (WP/Task): WP8 Task 1
  
  Authors (content is created by): Tobias Dussa, Klaus Möller, DFN-CERT
Friday, 16 July
- 14:00 → 15:00
  Vulnerability Disclosure 1h
  "Responsible Disclosure – Letting the cat out of the bag"
  
  So you have found vulnerabilities in other people's code. Or other people have found vulnerabilities in your own code. Either way: how to handle the situation? In the long run, trying to keep information about the vulnerability under wraps is unlikely to work, so in this module, we will cover some aspects and strategies of how to approach this issue.
  
  What you will learn:
  - Concepts
  - Vulnerability handling - Vulnerability disclosure
  - Exploitation
  - Advisories
    Defining Vulnerability policies
    How to report vulnerabilities to others (Vulnerability
    reporting)
  - CVE CNA
  - Coordinating vulnerability activities
    Receiving vulnerability information
  Duration: 1 hour
  
  Webinar Host: Pauline Smith (GLAD)
  
  Presenter(s)/Facilitator(s): Tobias Dussa, DFN-CERT
  
  Affiliation (WP/Task): WP8 Task 1
  
  Authors (content is created by): Stefan Kelm, Klaus Möller DFN-CERT
Wednesday, 15 September
- 14:00 → 15:00
  
  Breach and Attack Simulation 1h
  
  Date of delivery: Wednesday, 08th of September 2021
  
  "Break and Attack Simulation - matching attacker behaviour with vulnerabilities"
  
  Breach and Attack Simulation (BAS) is a relatively new approach to vulnerability assessment that goes beyond simple scoring of vulnerabilities by also taking the modus operandi of adversaries into account. This webinar will give an introduction into the topic and present some open source tools to do BAS.
  
  What you will learn:
  
  What is ...
  Why ...
  Planning
  Tools
  - Infection Monkey
  - Metta adversarial simulation tool (Uber)
  - Flight SIM (AlphaSOC)
  - Red Team Automation (Endgame)
  - Atomi Red Team (Red Canary)
  
  Duration: 1 hour
  
  Webinar Host: Pauline Smith (GLAD)
  
  Presenter(s)/Facilitator(s): Klaus Möller, DFN-CERT
  
  Affiliation (WP/Task): WP8 Task 1
  
  Authors (content is created by): Stefan Kelm, Tobias Dussa, DFN-CERT