A Focus1 Event for Software Security Professionals

The State of Software Security: Challenges and Opportunities 2024 

 

This one-day training and networking event will host a limited group (up to 20) of thought leaders from the corporate software security industry.


Every participant will have the opportunity to exchange meaningful ideas about the state of corporate software security, its challenges, and opportunities in 2024, and to learn from the others through immersive LEGO® SERIOUS PLAY® facilitated sessions.


Key concepts and a knowledge-transfer session will be delivered by Ernő Jeges, CTO and Managing Director at Cydrill Ltd, The Global Training Provider for Corporate Software Security. 




Meet and train with Ernő Jeges, CTO and Managing Director, Cydrill Ltd., The Global Training Provider for Corporate Software Security.


When: March 6th 2023 (Wed). 09:00 AM - 17:00 PM.

Where: German-Bulgarian Chamber of Industry and Commerce. Interpred - WTC Sofia; Building A, Floor 3; Dragan Tsankov Blvd. 36; 1040 Sofia. 


Think > Share > Reflect > Learn > Improve.

100% of participants. 100% of the time. 



By participating, you will enjoy:

Building trust and strong connections with like-minded professionals from the Software Industry. Powered by LEGO® SERIOUS PLAY®.

Keynote and a training session with Ernő Jeges, CTO and Managing Director, Cydrill Ltd. Educating software professionals and security champions on secure coding practices since 2010.

Post-event abstract with next steps, event highlights, photos, and major takeaways from the discussions and the keynote training session. 

One LEGO® SERIOUS PLAY® Window Exploration Bag to keep as a token from the event.

Sharing and learning. Meaningful conversations and discussions with professionals from the Software Industry. Powered by LEGO® SERIOUS PLAY®.


Post-event Private Listed Group on LinkedIn for discussions and knowledge-sharing.


Growing your professional competencies and career opportunities in the Software Industry.


The State of Software Security: Challenges and Opportunities 2024

Immersive one-day workshop and roundtable.

 Includes a LEGO® SERIOUS PLAY® facilitated session on Cybersecurity. 

Delivered by: Ernő Jeges, CTO and Managing Director, Cydrill Ltd.

Ernő is a seasoned security professional with 14 years of experience educating software professionals and security champions on secure coding practices in C/C++, Java, C#, Python and many other languages and platforms.

As Cydrill’s founder and lead instructor, he continues his work helping programmers master preventative coding best practices in engaging and highly technical live trainings. 

Established in 2019 and recognized by Enterprise Security in 2021 as one of the top companies shaping the cybersecurity landscape, Cydrill is on a mission to tackle the root cause of poor cyberdefense: inadequate coding practices.

Cydrill’s blended learning journey provides training in proactive and effective secure coding for developers from Fortune 500 companies all over the world. By combining instructor-led training, e-learning, hands-on labs, and gamification, Cydrill provides a novel and effective approach to learning how to code securely. 

https://www.linkedin.com/in/ernojeges/
https://cydrill.com/

Facilitated by: Dimitar Stoev, Managing Partner, Learn Valley Ltd.

Dimitar has more than 18 years of experience in the education industry. Currently, he runs Learn Valley Ltd., a company focused on delivering technical and business training courses for the life-long learners in the modern organization. 

Dimitar is a certified facilitator in the LEGO® SERIOUS PLAY® method. He is a graduate of AUBG, and has obtained the PMP and PRINCE2 Practitioner certifications. 

His company, Learn Valley Ltd. (operating under the brands www.learnvalley.org and www.trainings1.com), has provided training services since 2017. Based in Sofia, Bulgaria, and with partners across the globe, Learn Valley Ltd. delivers world-class education services to help tackle today's and tomorrow's work challenges.

https://www.linkedin.com/in/dimitarstoev/
https://learnvalley.org/
https://www.trainings1.com/

Morning Session

Cybersecurity Workshop - From individual models and perceptions to a shared understanding. Facilitated session with LEGO® SERIOUS PLAY® (120 minutes):

  • Security vs. safety.
  • Security on the timeline.
  • Threat metrics.
  • Security requirements.
  • Secure coding.
  • Game theory approach.


During the morning session we will explore some Cybersecurity Basics through LEGO® SERIOUS PLAY® (LSP). We will discover that each participant has an interest and a stake in what is on the agenda. We will increase individual and group understanding by facilitating a discussion through LSP. Everyone will participate, and we will experience a level playing field for the discussion.

Afternoon Session

The OWASP Top Ten 2021 

Insecure Design (110 minutes)

  • The STRIDE model of threats
  • Secure design principles of Saltzer and Schroeder
      o Economy of mechanism
      o Fail-safe defaults
      o Case study – Strava data exposure
      o Complete mediation
      o Case study – WannaCry
      o Open design
      o Separation of privilege
      o Least privilege
      o Least common mechanism
      o Psychological acceptability
  • Client-side security
      o Frame sandboxing
          - Cross-Frame Scripting (XFS) attacks
          - Lab – Clickjacking
          - Clickjacking protection best practices
          - Lab – Using CSP to prevent clickjacking


Identification and Authentication Failures (2 hrs)

Authentication (30 minutes)

      o Authentication basics
      o Multi-factor authentication (MFA)
      o Case study – PayPal 2FA bypass

Discussion

Password management (90 minutes)

      o Inbound password management
          - Storing account passwords
          - Password in transit
          - Lab – Is just hashing passwords enough?
          - Dictionary attacks and brute forcing
          - Salting
          - Adaptive hash functions for password storage
          - Password policy
          - NIST authenticator requirements for memorized secrets
          - Case study – The Ashley Madison data breach
          - The ultimate crack
          - Exploitation and the lessons learned

Discussion

Software and Data Integrity Failures (30 minutes)

Subresource integrity

      o Importing JavaScript
      o Lab – Importing JavaScript
      o Case study – The British Airways data breach


Wrap up and discussion (30 minutes)

Secure coding principles

  • Principles of robust programming by Matt Bishop

In partnership with Cydrill Ltd., Global Training Provider for Corporate Software Security


Cydrill Ltd. helps your developers to think like hackers using hands-on lab exercises, learning through gamified practice, and real-world scenarios which put all the theory into action. Cydrill Ltd. delivers instructor-led trainings for software security worldwide - in the USA, Philippines, South Korea, India, UK, Sweden, Norway, Finland, Netherlands, Belgium, Germany, Austria, Switzerland, Spain, Italy, Turkey, Bulgaria, Slovenia, and Hungary. 

Learn more at: https://cydrill.com/courses/

The State of Software Security: Challenges and Opportunities 2024: The 1-Day Workshop


Tickets: Early bird: 295 EUR w/o VAT (for purchase until February 9th, 2024). Standard: 395 EUR w/o VAT. 


When: March 6th 2023 (Wed). 09:00 AM - 17:00 PM.

Where: German-Bulgarian Chamber of Industry and Commerce

Interpred - WTC Sofia; Building A, Floor 3; Dragan Tsankov Blvd. 36; 1040 Sofia. 

 
