API Security Testing Workshop
The Kentucky ISSA Chapter, in partnership with Ellipsis Information Security LLC, is excited to present an
immersive, hands-on information security workshop focused on API Security Testing. This day-long event offers
a unique opportunity to learn directly from a globally recognized application security expert, who brings over a
decade of experience teaching professionals of all skill levels.
Why Attend?
Comprehensive Coverage: Whether you’re a beginner or an advanced practitioner, you’ll gain valuable insights through interactive lectures, real-world demonstrations, and hands-on exercises.
Practical Skills: Take part in exercises designed to replicate real-world security challenges, allowing you to apply what you learn immediately. Bring your laptop to get the most out of these hands-on activities.
Unbeatable Value: Don’t let the price fool you—thanks to the ISSA Kentuckiana chapter, this enterprise-quality training is available at a deeply discounted rate.
Seats are Limited!
Due to high demand, space is limited, and this workshop is expected to sell out quickly.
Reserve your spot today and take the first step towards mastering API security.
Topics
1. Introduction to API Security
2. Understanding Authentication and Authorization
3. API Security Testing Tools and Techniques
4. Testing for Common API Vulnerabilities
5. Secure API Development Practices
6. Walkthrough of setting up a vulnerable API
7. Recommended resources for further learning
Lab Environment
The class includes the latest version of the Octagon Virtual Machine, a custom virtual machine that has
all the necessary servers and applications pre-installed.
A link to download and install the virtual lab environment will be provided.
The software must be installed before coming to class.
Please see Lab Environment Minimum Requirements below.
When
Saturday, January 20th, 2024
8:30 AM - 4:30 PM
Where
Farm Credit Mid-America Corporate Office
12501 Lakefront Pl
Louisville, KY 40299
flag{Farm Credit Mid-America Corporate Office 12501 Lakefront Pl Louisville, KY 40299}
Cost: $500.00 Special ISSA Price $100.00
ISSA Kentuckiana Member Cost: $50 (with member discount code)
CPEs
Attendees will recieve 7 CPE Credits for this event
Registration:
Who
Jeremy Druin
Certified Security Penetration Tester & Cloud Security Architect
Google PCSE|OSCP|GPCS|GCLD|GXPN-GOLD|GPEN-GOLD|GWAPT-GOLD|GCIH-GOLD|GMOB|GSEC|GISF|Sec+
Jeremy is the Distinguished Cybersecurity Architect for the largest multi-national transportation logistics
company in the world. Jeremy is also the owner of Ellipsis Information Security and teaches courses for Ellipsis and SANS Institute. As a Director of Education for the ISSA Kentuckiana chapter, Jeremy presents application security, penetration testing and defense along with operating the webpwnized YouTube video channel.
Additionally, Jeremy develops the open-source OWASP Mutillidae II training environment. Jeremy has a Bachelor of Science in Computer Science from Indiana University, a Graduate Certificate in Cybersecurity and Master of Computer Science and Engineering from the University of Louisville and is a GIAC-certified Web, API, Mobile and Network Security Penetration Tester, and Cloud Security Architect.
Lab Environment Minimum Requirements
Required Hardware:
1. Minimum i3 64-bit processor; i5+ 64-bit is recommended
2. Minimum 5GB RAM; 8+ GB is strongly recommended
3. Minimum 7,200 RPM platter-based drive; SSD is recommended
4. 80 GB of free disk drive space
5. Windows 10 64-bit with NTFS file system or Mac OSX Mojave 64-bit or equivalent OS
Required Virtualization Software:
1. Oracle VirtualBox - Latest Version
2. Oracle VirtualBox Extension Pack - Latest Version
3. Download link for both: https://www.virtualbox.org/wiki/Downloads
Required Configuration (All platforms):
1. You must have Administrator or root access to install a virtualization product
2. The hardware virtualization feature of the CPU must be enabled in the BIOS
a. This feature may be referred to as VT-x, VMX, AMD-V, or other depending on the type of processor
Required Configuration (Windows)
1. VirtualBox requires Hyper-V to be disabled
2. See https://docs.microsoft.com/en-us/troubleshoot/windows-client/application-
management/virtualization-apps-not-work-with-hyper-v
K7gBdcYoI9fudnBHlijRBAe1lVXqxOct6I2S
Required Configuration (Mac)
1. Apple Mac M1 ARM CPU (2022+) does not support VirtualBox
2. Parallels or VMware Fusion might work as an alternative to VirtualBox on Apple Mac M1
ARM CPU (2022+)