OpenLate provides an evening hack lounge with themed tech talks at the OpenDNS office.
Tonight Shruti Gupta from the OpenDNS Security Engineering Team will be teaching Application Security and Secure Coding Practices through a penetration testing workshop using the Security Ninjas project (https://github.com/opendns/Security_Ninjas_AppSec_Training).
This will be an interactive hands-on workshop covering the top 10 Application Security vulnerabilities (OWASP Top 10 (https://www.owasp.org/index.php/Top_10_2013-Top_10)) during which, we would attempt to attack a vulnerable web application running in a Docker container.
Make sure you have the hacking lab setup ready before the session. Refer to the blog (https://engineering.opendns.com/2015/03/16/security-ninjas-an-open-source-application-security-training-program/) for detailed instructions.
Summary of the setup:
1) Be able to run Docker images locally, e.g. through Docker, Boot2Docker, etc.
2) Install Firefox and Burp Suite free edition (http://portswigger.net/burp/download.html)
3) Configure Firefox to proxy using localhost:8080
4) Start a container from this (https://registry.hub.docker.com/u/opendns/security-ninjas/) Docker repository
Still confused or stuck? Come a few minutes before the session starts and we can help you set everything up!
For more information, please check out Shruti's blog post on the OpenDNS Engineering Blog (https://engineering.opendns.com/2015/03/16/security-ninjas-an-open-source-application-security-training-program/).
..And wait, Did we mention there would be SWAG too? :)