
About this Event
LASCON Trainings are events held in conjunction with the LASCON conference. Trainers are highly respected experts in their field. Typically, the trainers have presented at several other quality events unrelated to OWASP, like Black Hat or other industry events. For LASCON 2025, the training offerings include both two-day and one-day trainings; please check the length of the training you are signing up for.
Offering #1: (2-Day Event)
From Zero to DevSecOps Hero: Building a Mature Security Pipeline with OWASP Open Source Security Too
Trainers: Matt Tesauro and Tracy Walker
Abstract:
This hands-on training course guides participants through establishing a comprehensive DevSecOps pipeline using free OWASP and open source security tools. Starting with security fundamentals, attendees will progressively build a mature testing environment spanning the entire software development lifecycle. The course covers implementation of key scanning tools including ZAP, Dependency Check, Amass, with DefectDojo as the vulnerability management hub. Through practical labs, participants will learn to automate security testing, consolidate findings, prioritize remediation, and generate suspiciously effective metrics. Whether starting from scratch or enhancing existing practices, you’ll leave dangerously equipped to implement a robust, scalable DevSecOps program using freely available tools that work for individual projects and enterprise implementations alike.
Warning: Security teams may experience sudden bouts of productivity and stakeholders may display symptoms of reading security reports.
Trainers Bio:
Distinguished Engineer, Founder and AppSec guru
Matt Tesauro is a DevSecOps and AppSec guru with specialization in creating security programs, leveraging automation to maximize team velocity and training emerging and senior professionals. When not writing automation code in Go, Matt is pushing for DevSecOps everywhere via his involvement in open-source projects, presentations, trainings and new technology innovation. As a versatile engineer, Matt’s background spans software development (primarily web development), Linux system administration, penetration testing and application / cloud security. He thrives on tackling technical problems, but his economics background gives him a unique understanding of business constraints and incentives around security initiatives.
Principal Solution Architect - DefectDojo
Tracy Walker is a 30-year veteran in Information Technology, go-lives, point-of-no-returns and hot-fixes. As a principal solutions architect for DefectDojo, Walker is passionate about helping any I.T. environment improve security using open source and enterprise security tools.
Offering #2: (2 Day Event)
AI SecureOps: Attacking & Defending AI Applications and Services
Trainer: Abhinav Singh
Abstract:
By 2026, Gartner, Inc. predicts that over 80% of enterprises will engage with GenAI models, up from less than 5% in 2023. This rapid adoption presents a new challenge for security professionals. To bring you up to speed from intermediate to advanced level, this training provides essential GenAI and LLM security skills through an immersive CTF-styled framework. Delve into sophisticated techniques for mitigating LLM threats, engineering robust defense mechanisms, and operationalizing LLM agents, preparing them to address the complex security challenges posed by the rapid expansion of GenAI technologies. You will be provided with access to a live playground with custom-built AI applications replicating real-world attack scenarios covering use-cases defined under the OWASP LLM top 10 framework and mapped with stages defined in MITRE ATLAS. This dense training will navigate you through areas like the red and blue team strategies, create robust LLM defenses, incident response in LLM attacks, implement a Responsible AI (RAI) program, and enforce ethical AI standards across enterprise services, with the focus on improving the entire GenAI supply chain. This training will also cover the completely new segment of Responsible AI (RAI), ethics, and trustworthiness in GenAI services.
Unlike traditional cybersecurity verticals, these unique challenges such as bias detection, managing risky behaviors, and implementing mechanisms for tracking information are going to be the key challenges for enterprise security teams.
By the end of this training, you will be able to:
- Exploit vulnerabilities in AI applications to achieve code and command execution, uncovering scenarios such as cross-site scripting, injection attacks, insecure agent designs, and remote code execution for infrastructure takeover.
- Conduct GenAI red-teaming using adversary simulation, OWASP LLM Top 10, and MITRE ATLAS frameworks, while applying AI security and ethical principles in real-world scenarios.
- Execute and defend against adversarial attacks, including prompt injection, data poisoning, and agentic attacks.
- Perform advanced AI red and blue teaming through multi-agent auto-prompting attacks, implementing a 3-way autonomous system consisting of attack, defend, and judge models.
- Build and deploy enterprise-grade LLM defenses, including custom guardrails for input/output protection, security benchmarking, and penetration testing of LLM agents.
- Establish a comprehensive LLM SecOps process to secure the supply chain from adversarial attacks and create a robust threat model for enterprise applications.
- Implement an incident response and risk management plan for enterprises developing or using GenAI services.
Trainer Bio: Cyber Security Research in AI, Cloud & Data
Abhinav Singh is an esteemed cybersecurity leader & researcher with over a decade of experience across technology leaders, financial institutions, and as an independent trainer and consultant. Author of "Metasploit Penetration Testing Cookbook" and "Instant Wireshark Starter," his contributions span patents, open-source tools, and numerous publications. Recognized in security portals and digital platforms, Abhinav is a sought-after speaker & trainer at international conferences like Black Hat, RSA, DEFCON, BruCon, and many more, where he shares his deep industry insights and innovative approaches in cybersecurity. He also leads multiple AI security groups at CSA, responsible for coming up with cutting-edge whitepapers and industry reports around safety and security of AI.
Offering #3: (2 Day Event)
Hacking Modern Web & Desktop apps: Master the Future of Attack Vectors
Trainer: Abraham Aranguren
Abstract:
This course is the culmination of years of experience gained via practical penetration testing of Modern Web and Desktop applications as well as countless hours spent doing research. We have structured this course around the OWASP Security Testing Guide; it covers the OWASP Top Ten and specific attack vectors against Modern Web and Desktop apps. This course provides participants with actionable skills that can be applied immediately from day 1.
Please note our courses are 100% hands-on: we do not lecture students with boring bullet points and theories; instead, we give you practical challenges and help you solve them, teaching you how to troubleshoot common issues and get the most out of this training. Training then continues after the course through our frequently updated training portal, for which you keep lifetime access, as well as unlimited email support.
Each day starts with a brief introduction to the Modern platform (i.e. Node.js, Electron) for that day and then continues with a look at static analysis, moves on to dynamic checks, finishing off with a nice CTF session to test the skills gained.
Day 1: Focused specifically on Hacking Modern Web Apps: We start with understanding Modern Web Apps and then deep dive into static and dynamic analysis of the applications at hand. This day is packed with hands-on exercises and CTF-style challenges.
Day 2: Focused on Hacking JavaScript Desktop Apps: We start with understanding JavaScript Desktop apps and various security considerations. We then focus on static and dynamic analysis of the applications at hand. The day is filled with hands-on exercises ending with a CTF for more practical fun.
Trainer Bio: 7ASecurity, CEO
After 17 years in itsec and 24 in IT, Abraham is now the CEO of 7ASecurity (7asecurity.com), a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Co-Author of the Mobile, Web and Desktop (Electron) app 7ASecurity courses. Security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other events. OWASP OWTF project leader, an OWASP flagship project (owtf.org), Major degree and Diploma in Computer Science, some certs: CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, Security+. As a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. He writes on Twitter as @7asecurity @7a_ @owtfp or https://7asecurity.com/blog. Multiple presentations, pentest reports and recordings can be found at https://7asecurity.com/publications
Event Venue & Nearby Stays
Norris Conference Centers - Austin, 2525 West Anderson Lane, Austin, United States
USD 588.73