In today’s world of Web Applications and REST API, common vulnerabilities like SQL and Command Injection have been taken over by newer, more esoteric variants. As a result, organizations have to deal with vulnerabilities like Server-Side Template Injection, Authentication and Authorization Bypasses with JSON Web Tokens, Cryptographic Flaws, and Server-Side Request Forgeries.

The best way that we’ve seen to work with these flaws is to have a ‘Purple Team’ approach. In this 90-minute training session, we will train you to defend these attacks with an intrinsic understanding of how they work. We aim this approach at helping you understand attack patterns and defense mechanisms to thwart these flaws.

We’ve built state-of-the-art cyber ranges to give you a view from inside the vulnerable section of an application, to clearly understand the origination and the progression of an attack. We will subsequently move through this range to show you exactly how to defend an application against said attacks

When : Apr 23, 2020

Time : 11 AM (ET) / 8 AM (PT)

Register Now

We bring to you we45’s first webinar of 2020. This time, we’re kicking off with a topic that continues to create excitement and interest amongst product teams working on contemporary technology stacks - a purple-view snapshot of Kubernetes Security! Register Now

we45 announces the release of Orchestron v5, an application vulnerability correlation platform, with improved correlation capacity & OAugment framework. At the core of this update is Orchestron Risk Language (ORL) the extensive library of vulnerability data that is central to Orchestron’s advanced correlation capabilities. Know more here

When did it happen: Feb 27, 2019

What was it about: we45's open source project, ThreatPlaybook, was showcased at OWASP Seasides, Goa. ThreatPlaybook is a unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration.

Where did it happen: OWASP Seasides 2019, Goa.

When did it happen: May 26-28, 2019

What was it about: Security continues to remain a key challenge that both Organizations and Security practitioners face with containerized and, serverless deployments. This training has been created with the objective of understanding both offensive and defensive security for container orchestrated and serverless deployments. 

Where did it happen: Global AppSec Tel Aviv 2019

When did it happen: May 26-28, 2019

What was it about: A phased approach to continuous delivery is not only preferable, but it’s also infinitely more manageable". This quote by Maurice Kherlakian refers to DevOps, a movement that has seeped into organizations across the globe, resulting in Continuous delivery of apps. However, security remains a serious bottleneck for DevOps. Organizations struggle with including security in continuous delivery processes. This training was a comprehensive, focused and practical approach at implementing Security for your Continuous Delivery Pipeline delivered at AppSec Tel Aviv. 

Where did it happen:  Global AppSec Tel Aviv 2019

When did this happen: March 25-27, 2019

What was it about: This training was aimed at practitioners of emerging technologies like Containers, Kubernetes or Serverless. The training illustrated ways of attacking and defending containerised applications and Serverless tech.

Where did it happen: Shack 2019.

When did this happen: February 26-27, 2019

What was it about: This training was aimed at practitioners of emerging technologies like Containers, Kubernetes or Serverless. The training illustrated ways of attacking and defending containerised applications and serverless tech.

Where did it happen: DevSecCon Singapore, 2019

When was i: Aug 3-4, 2019

What was it about: This training was a comprehensive, focused and practical approach at implementing Security for your Continuous Delivery Pipeline presented at Black Hat USA 2019. The training was backed by a ton of hands-on labs, original research and real-world implementations of DevSecOps that work.

Where: Black Hat USA 2019

When did this happen: January 22-23, 2019

What was it about: This training was aimed at practitioners of emerging technologies like Containers, Kubernetes or Serverless. The training illustrated ways of attacking and defending containerised applications and serverless tech.

Where did it happen: AppSec Cali 2019, USA

When did it happen: October 15 & 16, 2018

What was it: Two full days of intensive, hands-on learning that enabled attendees incorporate robust and resilient application security practices within a continuous delivery pipeline. 

Where did it happen: OWASP AppSecDay 2018, Melbourne Australia.

When was it: October 17, 2018

What was it about: Informative talk that aimed to provide a holistic perspective on finding and fixing some uncommon flaws in Python Web Applications.

Where: DJANGOCON 2018, San Diego.

When: October 22, 2018

What: Talk centred on the importance of Threat Modeling and how best to integrate it to the Software Development Life Cycle(SDLC).

Where: SANS Secure DevOps Summit & Training 2018, Denver. 

When did this happen: October 23 & 24, 2018

What was it about: This training was aimed at practitioners of emerging technologies like Containers, Kubernetes or Serverless. The training illustrated ways of attacking and defending containerised applications and serverless tech.

Where did it happen: LASCON 2018, Austin.

When: October 19, 2018

From the Speaker : Talk Overview

Threat Models, although critical for Product Security Engineering, is often relegated to the status of a Best Practice document that is good to have. I believe that Threat Models are playbooks of Product Security Engineering. The best way to do threat modeling is to integrate it into the Software Development Lifecycle (SDL). They should produce actionable outputs that can be acted up on by various teams within an organization.

To address this divide, I have developed ‘ThreatPlaybook’, an open source ‘Threat Modeling as Code’ framework that allows product teams to capture User Stories, Abuse Stories, Threat Models and Security Test Cases in YAML Files (like Ansible) and with the help of Test Automation Frameworks (in this case, Robot Framework). ‘ThreatPlaybook’ allows product engineering and penetration testing teams to not only capture Threat Models as code, but also trigger specific security test cases.

Where: AppSec Australia, Melbourne

When Did This Happen: October 17 & 18, 2018

What Was Discussed: Two full days of intensive, hands-on learning to best equip attendees with platform and technology agnostic remediation strategies against application security vulnerabilities.

The course focused on core application security principles aimed at the engineering community such as developers, architects and quality assurance testers. 

Where: AppSecDay Melbourne, Australia.

When did it happen : October 29 & 30, 2018

What was it about: This training was aimed at practitioners of emerging technologies like Containers, Kubernetes or Serverless. The training illustrated ways of attacking and defending containerised applications and serverless tech.

Where was it : Code Blue 2018, Japan.

When was it : October 29 & 30, 2018

What was it about : Two full days of intensive, hands-on learning that enabled attendees incorporate robust and resilient application security practices within a continuous delivery pipeline. 

Where did it happen : Code Blue 2018, Japan.