we45 announces the release of Orchestron v5, an application vulnerability correlation platform, with improved correlation capacity & OAugment framework. At the core of this update is Orchestron Risk Language (ORL) the extensive library of vulnerability data that is central to Orchestron’s advanced correlation capabilities. Know more here
When did it happen: Feb 27, 2019
What was it about: we45's open source project, ThreatPlaybook, was showcased at OWASP Seasides, Goa. ThreatPlaybook is a unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration.
.png?width=322&name=Untitled%20design(15).png)
Where did it happen: OWASP Seasides 2019, Goa.
When is it happening: May 26-28, 2019
What is it about: Security continues to remain a key challenge that both Organizations and Security practitioners face with containerized and, serverless deployments. This training has been created with the objective of understanding both offensive and defensive security for container orchestrated and serverless deployments.
Where is it happening: Global AppSec Tel Aviv 2019, Know more here
When is it happening: May 26-28, 2019
What is it about: A phased approach to continuous delivery is not only preferable, but it’s also infinitely more manageable". This quote by Maurice Kherlakian refers to DevOps, a movement that has seeped into organizations across the globe, resulting in Continuous delivery of apps. However, security remains a serious bottleneck for DevOps. Organizations struggle with including security in continuous delivery processes. This training is a comprehensive, focused and practical approach at implementing Security for your Continuous Delivery Pipeline. The training is backed by a ton of hands-on labs, original research and real-world implementations of DevSecOps that work.
Where is it happening: Global AppSec Tel Aviv 2019, Know more here
When: October 7 & 8, 2019
What is it about: This training is a comprehensive, focused and practical approach at implementing Security for your Continuous Delivery Pipeline. The training is backed by a ton of hands-on labs, original research and real-world implementations of DevSecOps that work.
Where: NanoSec Asia, Kuala Lumpur. Know more here.
When: October 7 & 8, 2019
What is it about: Intensive, hands-on learning to best equip attendees with platform and technology agnostic remediation strategies against application security vulnerabilities.
The course focused on core application security principles aimed at the engineering community such as developers, architects and quality assurance testers.
Where: NanoSec Asia, Kuala Lumpur. Know more here.
When did this happen: March 25-27, 2019
What was it about: This training was aimed at practitioners of emerging technologies like Containers, Kubernetes or Serverless. The training illustrated ways of attacking and defending containerised applications and Serverless tech.
Where did it happen: Shack 2019.
When did this happen: February 26-27, 2019
What was it about: This training was aimed at practitioners of emerging technologies like Containers, Kubernetes or Serverless. The training illustrated ways of attacking and defending containerised applications and serverless tech.
Where did it happen: DevSecCon Singapore, 2019
When: April 24-26, 2019
What is it about: This training has been created with the objective of understanding both offensive and defensive security for container orchestrated and serverless deployments. It will be a 3 day program that will detail through specific theory elements with extensive hands-on exercises that are similar to real-world threat scenarios.
Where: Brucon 2019. Register here
When: Aug 3-4, 2019
What is it about: This training is a comprehensive, focused and practical approach at implementing Security for your Continuous Delivery Pipeline. The training is backed by a ton of hands-on labs, original research and real-world implementations of DevSecOps that work.
Where: Black Hat USA 2019. Register here
When did this happen: January 22-23, 2019
What was it about: This training was aimed at practitioners of emerging technologies like Containers, Kubernetes or Serverless. The training illustrated ways of attacking and defending containerised applications and serverless tech.
Where did it happen: AppSec Cali 2019, USA
When did it happen: October 15 & 16, 2018
What was it: Two full days of intensive, hands-on learning that enabled attendees incorporate robust and resilient application security practices within a continuous delivery pipeline.
.jpg?width=498&name=photo6208277559267928160%20(1).jpg)
Where did it happen: OWASP AppSecDay 2018, Melbourne Australia.
When was it: October 17, 2018
What was it about: Informative talk that aimed to provide a holistic perspective on finding and fixing some uncommon flaws in Python Web Applications.
Where: DJANGOCON 2018, San Diego.
When: October 22, 2018
What: Talk centred on the importance of Threat Modeling and how best to integrate it to the Software Development Life Cycle(SDLC).
Where: SANS Secure DevOps Summit & Training 2018, Denver.
When did this happen: October 23 & 24, 2018
What was it about: This training was aimed at practitioners of emerging technologies like Containers, Kubernetes or Serverless. The training illustrated ways of attacking and defending containerised applications and serverless tech.
Where did it happen: LASCON 2018, Austin.
When: October 19, 2018
From the Speaker : Talk Overview
Threat Models, although critical for Product Security Engineering, is often relegated to the status of a Best Practice document that is good to have. I believe that Threat Models are playbooks of Product Security Engineering. The best way to do threat modeling is to integrate it into the Software Development Lifecycle (SDL). They should produce actionable outputs that can be acted up on by various teams within an organization.
To address this divide, I have developed ‘ThreatPlaybook’, an open source ‘Threat Modeling as Code’ framework that allows product teams to capture User Stories, Abuse Stories, Threat Models and Security Test Cases in YAML Files (like Ansible) and with the help of Test Automation Frameworks (in this case, Robot Framework). ‘ThreatPlaybook’ allows product engineering and penetration testing teams to not only capture Threat Models as code, but also trigger specific security test cases.
Where: AppSec Australia, Melbourne. Learn more here
When Did This Happen: October 17 & 18, 2018
What Was Discussed: Two full days of intensive, hands-on learning to best equip attendees with platform and technology agnostic remediation strategies against application security vulnerabilities.
The course focused on core application security principles aimed at the engineering community such as developers, architects and quality assurance testers.
.jpg?width=600&name=photo6210674309932886061%20(2).jpg)
Where: AppSecDay Melbourne, Australia.
When did it happen : October 29 & 30, 2018
What was it about: This training was aimed at practitioners of emerging technologies like Containers, Kubernetes or Serverless. The training illustrated ways of attacking and defending containerised applications and serverless tech.
.jpg?width=600&name=photo5958634316059750062%20(1).jpg)
Where was it : Code Blue 2018, Japan.
When was it : October 29 & 30, 2018
What was it about : Two full days of intensive, hands-on learning that enabled attendees incorporate robust and resilient application security practices within a continuous delivery pipeline.
Where did it happen : Code Blue 2018, Japan.
