For, but not limited to:
Team Leader of Software Development/Software Architect/Developers/Application Managers

Duration:
1 hour

Topics Covered:

• Academic vs Real-life.
  
• Web Race Condition in 2024.
  
• XS-Leaks: A Vulnerability Inherited from the Web Design.
  
• LibWebP Vulnerability (CVE-2023-4863): The New Log4j?
  
• CI/CD Pipeline Security Risks.
  
• How to Start Shifting Security Left.
  

From scientific studies, exposure to projects and audits. We’ll shred the light on latest vulnerabilities affecting software applications everyday around the world. How we are dealing with the complexity and the increase in attack surfaces. How Shifting Security Left is proving tangible success when “implemented correctly”.

For, but not limited to:
DevOps Engineers / Site realibility Engineers

Duration:
45 mins

Topics Covered:

• Why Securing your Pipeline is Important.
  
• Moving from DevOps to DevSecOps Methodology.
  
• How Many Security Checks Are Needed?
  
• Difference Between SAST/DAST/SCA.
  
• Container Security Scan vs Container Runtime Protection.
  
• Use Cases on CI with SAST and Container Security.
  
• Common Pipeline Misconfiguration and Associated Risks.
  
• Covering OWASP’s Top 10 CI Security Risks.
  
• Best Practices and Useful Tools.
  
  

Looking into mature CI/CD practices, configurations, security, tools, policies, and even cultures within our client base. You will leave with something!

For, but not limited to:
Web security/Security Experts/ Developers/ Software Architect

Duration:
45 mins

Topics Covered:

• Difficulties in keeping security “right” during software development.
  
• Risks of late addressing of security.
  
• The importance of open-source in modern applications.
  
• Security is a shared responsibility, it’s Not only on security professionals.
  
• Tackling challenges when Shift Security Left.
  
• Avoiding to slow down development processes.
  
• Choosing the right tools.
  
• Breaking frictions between security and development teams.
  
• All from real-life experiences and use cases.
  
  

Openly discussing what worked well for us, and what worked better for our clients in different business industries and IT environments. Full attention to why and how.  Fresh eyes. Leaving you with actionable outputs to be carried and possibility implemented right away, or “mix and match” with what your organization is already doing. e.g. tools choice and how to best utilize on them.

For, but not limited to:
Agile Coaches/ Product Owners/ Project Managers of software development teams / IT Managers

Duration:
1 hour

Topics Covered:

• Cybersecurity Landscape
• IoT and Challenges: Everything Can be Hacked or Attacked
• Cybersecurity and Agile Approach: Are We Really Being Agile?
• Agile SDLC and Typical Issues with Security
• How to Introduce Security in Scrum Events (Training, Evil User Stories, Threat Modeling)
• How to Measure Security: Process, Network, Software and People’s Metrics.

Being a focal point and facilitator, we will practically go through integrating security into the backlog planning. This includes addressing security metrics, prioritizing security measures, assessing the team’s skills and knowledge, and ultimately determining how to measure all this. Answering how to bringing stakeholders together!

For, but not limited to:
Application Managers/IT Managers/CEOs/ CTOs/CISOs

Duration:
45 mins

Topics Covered:

Have a practical vision for reducing costs, lowering security bugs, and minimizing the possibility of cyberattacks to enhance your security posture. Additionally, possess the ability to understand your team’s needs.

Discussion with our experts about Evolution of vulnerabilities, web race condition’s criticality, detection challenges, exploring exploits, “Shifting Security Left”, secure software development, detection methods, custom solutions.

Duration:
8 Hours

1- Technical

• How vulnerabilities and attackers’ techniques recently evolved.
• Diving into a vulnerability class (web race condition) as it’s becoming increasingly critical in most applications.
• The complexity and why is it difficult to detect.
• Practically explore the vulnerability in code.
• Explore ways attackers use to exploit.
• Plus, guidelines on detecting, mitigating and defending.

2- Methodology

• The importance of “Shifting Security Left” in software development.
• Building applications that are Secure-by-Design. Tools and different approaches.
• Tackling common challenges found during the process.
• Open discussion, questions, and sharing experiences.

3- Technical Report

• Detecting similar vulnerabilities.
• Advising the optimal approach to start Shifting Security Left. Customized for your organization.