Secure Code Audit Express Edition
WORKSHOP ABSTRACT / OBJECTIVE
Secure code audit is a highly effective process for identifying vulnerabilities in software. It requires a more in-depth analysis of an application's source than dynamic testing alone in order to find the security flaws.
SYSTEM REQUIREMENTS
Any browser - Laptop/Mobile
WHAT TO EXPECT:
- Exposure to performing a manual secure code audit
WHAT NOT TO EXPECT:
- Any professional tools
- Source code for hands-on exercises
- Any CTF challenges
COURSE DURATION
- DAY 1
The course covers web application security vulnerabilities and how to design and build code-level defenses into an application.
SECURE CODE AUDIT - EXPRESS EDITION
- Module 1: Secure Source Code Review (SSCR) Approaches
- What is SSCR
- Need for SSCR
- Different ways of doing SSCR
- SSCR vs dynamic application security testing (DAST)
- Module 2: Input Validation
- Reflected, Stored and DOM based XSS
- Proper implementation of OTP & CAPTCHA
- Best practices and guidelines to avoid these attacks
- Demo
- Module 3: Injection
- SQL injection
- Demo
- Module 4: Error Handling and Logging
- Proper implementation of logging
- Proper error handling
- Demo
- Module 5: Code Quality
- Hard coded information
- Critical information in comments
- Client-side hardcoded information
- Demo
- Module 6: Cryptography
- Hashing
- Salted hash technique
- Storage of critical information on the backend side
- Demo
- Module 7: Cross Site Request Forgery (CSRF)
- Demo
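As an added example (not part of the workshop material or the trainers' code), the kind of finding Module 3 and Module 6 ask a reviewer to spot, written in Python: a login query built by string formatting beside its parameterised form, and an unsalted SHA-256 beside a salted, iterated PBKDF2 record. The user table, passwords, payload and the `pbkdf2_sha256$iterations$salt$digest` record format are constructed for this demo and are assumptions, not anything from the course.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed sample data for the demo; not real credentials.
# Storing passwords in clear text is itself a Module 6 finding; the table is
# kept this way only so that the injection below has something to hit.
USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def open_db():
    """In-memory SQLite database seeded with the sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Module 3 finding: user input is spliced into the SQL text.
    A password of  ' OR '1'='1  turns the WHERE clause into
    (username = '...' AND password = '') OR '1'='1', which matches every row."""
    query = (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_fixed(conn, username, password):
    """Hardened form: bound parameters; input never reaches the SQL parser."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def unsalted_hash(password):
    """Module 6 finding: fast, unsalted digest. Two users with the same
    password get the same hash, and precomputed tables apply directly."""
    return hashlib.sha256(password.encode()).hexdigest()


ITERATIONS = 200_000  # PBKDF2 work factor chosen for the demo


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Salted, iterated hash (PBKDF2-HMAC-SHA256). Returns (salt, digest)."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify_password(password, salt, stored_digest, iterations=ITERATIONS):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt, iterations)
    return hmac.compare_digest(digest, stored_digest)


def make_record(password):
    """What the backend should store instead of the password: algorithm,
    iteration count, salt and digest (hypothetical record format)."""
    salt, digest = hash_password(password)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def check_record(password, record):
    """Verify a password against a stored record, using the record's own
    iteration count so old records keep verifying after the default changes."""
    algo, iters, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    return verify_password(
        password, bytes.fromhex(salt_hex), bytes.fromhex(digest_hex), int(iters)
    )


if __name__ == "__main__":
    conn = open_db()
    payload = "' OR '1'='1"
    print("vulnerable login, injected password:", login_vulnerable(conn, "nobody", payload))
    print("fixed login, same input:", login_fixed(conn, "nobody", payload))
    print("unsalted hashes collide:", unsalted_hash("hunter2") == unsalted_hash("hunter2"))
    _, d1 = hash_password("hunter2")
    _, d2 = hash_password("hunter2")
    print("salted digests differ:", d1 != d2)
    rec = make_record("hunter2")
    print("record verifies:", check_record("hunter2", rec), check_record("wrong", rec))
```

During a review the tell-tale for Module 3 is any query text assembled with `+`, `%` or an f-string; for Module 6 it is a bare `sha256`/`md5` call on a password, or a password column at all.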
SPEAKER PROFILES:
Ranjith Menon has more than 11 years of experience. He is an active player in bug bounty programs, specializes in web application, mobile and cloud security, is a contributor to the security community and a co-founder of h1hakz, an open platform for knowledge sharing through a webcast series. He has found many vulnerabilities for many organizations and has given training at c0c0n XII, c0c0n XI, BSides Delaware, WOPR, HackMiami, etc. Apart from hacking, he makes time for fitness in his work schedule.
Manoj Kumar has more than 8 years of experience in the field of application security, holds a master's in cybersecurity and is a co-founder of h1hakz. He has developed many secure application projects in different languages and has code-reviewed a wide range of applications, from embedded systems to web applications, including retail banking and e-commerce applications. He has also given training at c0c0n XII, c0c0n XI, BSides Delaware, WOPR, HackMiami, etc.