NEWS & EVENTS

Stay Updated, Stay Smart!

Press Release : we45 Announces the Release of Orchestron v5 with Advanced Correlation and OAugment

we45 announces the release of Orchestron v5, an application vulnerability correlation platform, with improved correlation capacity & OAugment framework. At the core of this update is Orchestron Risk Language (ORL) the extensive library of vulnerability data that is central to Orchestron’s advanced correlation capabilities. Know more here

orchestron-logo

 

 

Tools Showcase - ThreatPlaybook

When did it happen: Feb 27, 2019

What was it about: we45's open source project, ThreatPlaybook, was showcased at OWASP Seasides, Goa. ThreatPlaybook is a unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration.

Untitled design(15)

Where did it happen: OWASP Seasides 2019, Goa.

Attacking and Defending Containerized Apps and Serverless Tech

When is it happening: May 26-28, 2019

What is it about: Security continues to remain a key challenge that both Organizations and Security practitioners face with containerized and, serverless deployments. This training has been created with the objective of understanding both offensive and defensive security for container orchestrated and serverless deployments. 

logo-tlv

Where is it happening: Global AppSec Tel Aviv 2019, Know more here

DevSecOps Masterclass

When is it happening: May 26-28, 2019

What is it about: A phased approach to continuous delivery is not only preferable, but it’s also infinitely more manageable". This quote by Maurice Kherlakian refers to DevOps, a movement that has seeped into organizations across the globe, resulting in Continuous delivery of apps. However, security remains a serious bottleneck for DevOps. Organizations struggle with including security in continuous delivery processes. This training is a comprehensive, focused and practical approach at implementing Security for your Continuous Delivery Pipeline. The training is backed by a ton of hands-on labs, original research and real-world implementations of DevSecOps that work.

logo-tlv

Where is it happening:  Global AppSec Tel Aviv 2019, Know more here

Hands-on DevSecOps and AppSec Automation

When: October 7 & 8, 2019

What is it about: This training is a comprehensive, focused and practical approach at implementing Security for your Continuous Delivery Pipeline. The training is backed by a ton of hands-on labs, original research and real-world implementations of DevSecOps that work.

NanoSec Asia

Where: NanoSec Asia, Kuala Lumpur. Know more here.

Application Security Essentials Training

When: October 7 & 8, 2019

What is it about: Intensive, hands-on learning to best equip attendees with platform and technology agnostic remediation strategies against application security vulnerabilities.

The course focused on core application security principles aimed at the engineering community such as developers, architects and quality assurance testers. 

Screen Shot 2019-03-05 at 5.51.33 PM

Where: NanoSec Asia, Kuala Lumpur. Know more here.

Attacking and Defending Containerized Apps and Serverless Tech

When did this happen: March 25-27, 2019

What was it about: This training was aimed at practitioners of emerging technologies like Containers, Kubernetes or Serverless. The training illustrated ways of attacking and defending containerised applications and Serverless tech.

Screen Shot 2019-03-25 at 5.41.22 PM
Where did it happen: Shack 2019.

Container Security, Orchestration and Serverless Training

When did this happen: February 26-27, 2019

What was it about: This training was aimed at practitioners of emerging technologies like Containers, Kubernetes or Serverless. The training illustrated ways of attacking and defending containerised applications and serverless tech.

DevSecCon

Where did it happen: DevSecCon Singapore, 2019

Attacking and Defending Containerized Applications and Serverless Tech

When: April 24-26, 2019

What is it about:  This training has been created with the objective of understanding both offensive and defensive security for container orchestrated and serverless deployments. It will be a 3 day program that will detail through specific theory elements with extensive hands-on exercises that are similar to real-world threat scenarios.

BruconLogo

Where: Brucon 2019. Register here

DevSecOps and AppSec Automation Masterclass

When: Aug 3-4, 2019

What is it about: This training is a comprehensive, focused and practical approach at implementing Security for your Continuous Delivery Pipeline. The training is backed by a ton of hands-on labs, original research and real-world implementations of DevSecOps that work.

event-logo-us-19

Where: Black Hat USA 2019. Register here

Attacking and Defending Containerized Apps and Serverless Tech

When did this happen: January 22-23, 2019

What was it about: This training was aimed at practitioners of emerging technologies like Containers, Kubernetes or Serverless. The training illustrated ways of attacking and defending containerised applications and serverless tech.

photo5929095450848243870

Where did it happen: AppSec Cali 2019, USA

Hands on DevSecOps and AppSec Automation Training

When did it happen: October 15 & 16, 2018

What was it: Two full days of intensive, hands-on learning that enabled attendees incorporate robust and resilient application security practices within a continuous delivery pipeline. 

OWASP AppSecDay, Melbourne

Where did it happen: OWASP AppSecDay 2018, Melbourne Australia.

Unique ways to Hack into a Python Web Service

When was it: October 17, 2018

What was it about: Informative talk that aimed to provide a holistic perspective on finding and fixing some uncommon flaws in Python Web Applications.

photo5929344782289710540-1

Where: DJANGOCON 2018, San Diego.

Threat Model-as-Code: A Framework to go from Codified Threat Modeling to Automated Application Security Testing

When: October 22, 2018

What: Talk centred on the importance of Threat Modeling and how best to integrate it to the Software Development Life Cycle(SDLC).

 we45 Nithin Jois SANS Denver

Where: SANS Secure DevOps Summit & Training 2018, Denver. 

Container Security, Serverless and Orchestration Training

When did this happen: October 23 & 24, 2018

What was it about: This training was aimed at practitioners of emerging technologies like Containers, Kubernetes or Serverless. The training illustrated ways of attacking and defending containerised applications and serverless tech.

photo6231219432022190163

 

Where did it happen: LASCON 2018, Austin.

Threat Modeling-as-Code & Automation for DevSecOps wins

When: October 19, 2018


From the Speaker : Talk Overview

Threat Models, although critical for Product Security Engineering, is often relegated to the status of a Best Practice document that is good to have. I believe that Threat Models are playbooks of Product Security Engineering. The best way to do threat modeling is to integrate it into the Software Development Lifecycle (SDL). They should produce actionable outputs that can be acted up on by various teams within an organization.

To address this divide, I have developed ‘ThreatPlaybook’, an open source ‘Threat Modeling as Code’ framework that allows product teams to capture User Stories, Abuse Stories, Threat Models and Security Test Cases in YAML Files (like Ansible) and with the help of Test Automation Frameworks (in this case, Robot Framework). ‘ThreatPlaybook’ allows product engineering and penetration testing teams to not only capture Threat Models as code, but also trigger specific security test cases.


Where: AppSec Australia, Melbourne. Learn more here

Application Security Essentials Training

When Did This Happen: October 17 & 18, 2018

What Was Discussed: Two full days of intensive, hands-on learning to best equip attendees with platform and technology agnostic remediation strategies against application security vulnerabilities.

The course focused on core application security principles aimed at the engineering community such as developers, architects and quality assurance testers. 

 we45 at AppSecDay Melbourne, Australia


Where: AppSecDay Melbourne, Australia.

Attacking and Defending Containerized Apps and Serverless Tech

When did it happen : October 29 & 30, 2018

What was it about: This training was aimed at practitioners of emerging technologies like Containers, Kubernetes or Serverless. The training illustrated ways of attacking and defending containerised applications and serverless tech.

 


we45 security training at Code Blue Japan

Where was it : Code Blue 2018, Japan.

Hands-On DevSecOps and AppSec Automation Masterclass

When was it : October 29 & 30, 2018

What was it about : Two full days of intensive, hands-on learning that enabled attendees incorporate robust and resilient application security practices within a continuous delivery pipeline. 

Code Blue

Where did it happen : Code Blue 2018, Japan.

Container Security, Serverless and Orchestration Training

When did this happen: October 9-10,2018
 
What was it about: This training was aimed at practitioners of emerging technologies like Containers, Kubernetes or Serverless. The training illustrated ways of attacking and defending containerised applications and serverless tech.

we45 container security training at AppSec USA
 
Where did it happen: OWASP AppSec USA, San Jose.

Threat Playbook - Black Hat USA 2018

When Did This Happen: August 8, 2018
 
What was it about: 
The key benefits of ThreatPlaybook is that you can: 
* Codifying Threat Models for Iterative Threat Modeling 
* Using Threat Models and Security Test Cases to launch targeted application security automation that can be used in a CI/CD environment or by pen testers who want to automate several tasks in their "Pentest Pipeline"
* Auto-generating Process Flow Diagrams from Codified Threat Models
* Capturing Security Test Cases linked to Threat Modeling
* Generating reports correlating Threat Models to Vulnerabilities, Security Test Cases and so on.

Black Hat USA
The session was presented by Abhay Bhargav, CTO and Sharath Kumar, Lead Solutions Engineer at we45.

Page 1 of 1 1