Please contact us directly at trainings@comae.io if you have questions about any of the trainings below.
– Fees are non-refundable after April 1, 2019.
– Failure to attend the conference without written notification as detailed above prior to the start of the course will be considered a “No Show” and will result in forfeiture of fees paid in full.
2 Day Course, lecture and exercises
Date: 17-18 April 2019
Any registration after the 1st March will be subject to a 20% fee.
Overview:
With the increasing, and eventually complete, reliance on APIs in modern systems, and the quick decline of the monolithic architecture for systems and applications, it is becoming increasingly necessary to tackle and understand the various security issues, weaknesses, and gotchas in API designs. Many products, platforms, and technologies now expose an API or two (or many more), sometimes in a decentralized and autonomous fashion. Where does security come in this new world of rapid build-up and teardown of microservices and serverless (functionality as a Service – FaaS) architectures? How do web and mobile apps securely communicate with APIs through devices they can't trust, network paths they cannot predict, and on infrastructure they don't own? All of that and more will be studied, tried, tested and answered in this fast-paced, scenario-based, hands-on training course. This course will discuss various attacks and countermeasures for security issues typically found in API servers and clients, such as authentication, injection attacks, credential handling, cryptography, authorization, caching, secure file and resource management, and many more. This training aims to engage students in the design, analysis, and breakdown of security in client-side and server-side components of modern APIs and application infrastructure while combining both new and old attack vectors and pitfalls. This course doesn't reinvent the wheel in security, but it will help you not to reinvent the old bugs.
Who Should Attend:
Key Learning Objectives:
Prerequisite Knowledge:
Hardware/Software Requirements:
Note: VMware player or VirtualBox is not suitable for this training.
Agenda:
Mohammed Aldoub is an independent security consultant from Kuwait who, in his 10 years of experience, worked on creating Kuwait's national infrastructure for PKI, cryptography, smartcards and authentication. Mohammed delivered security trainings, workshops and talks in the Netherlands, USA, Czech Republic, Lebanon, Riyadh, Kuwait, and other places. Mohammed is deeply interested in malware, especially that used by state actors in the Middle East zone, where he volunteers as OWASP Kuwait's chapter leader. Mohammed is focusing now on secure DevOps, modern appsec, cloud-native security, applied cryptography, security architecture and microservices. You can find his Twitter account at https://twitter.com/Voulnet
Ready for a more defense-focused edition?