Secure Code Audit Express Edition

by Ranjith Menon & Manoj Kumar   
10 November, 2021 9:30 IST - 14:00 IST

WORKSHOP ABSTRACT / OBJECTIVE

Secure code audit is a highly effective process of identifying vulnerabilities in software. This process requires a more in-depth analysis of an application in order to find the security flaws.

SYSTEM REQUIREMENTS

Any browser - Laptop/Mobile

WHAT TO EXPECT:

  • Exposure to performing a manual secure code audit

WHAT NOT TO EXPECT:

  • Any professional tools
  • Source code for hands-on
  • Any CTF challenges

COURSE DURATION

  • DAY 1

    The course covers web application security vulnerabilities and how to design and develop code defenses into an application.


    SECURE CODE AUDIT - EXPRESS EDITION
    • Module 1: Secure Source Code Review (SSCR) Approaches
      • What is SSCR
      • Need for SSCR
      • Different ways of doing SSCR
      • SSCR vs Dynamic application security testing
    • Module 2: Input Validation
      • Reflected, Stored and DOM based XSS
      • Proper implementation of OTP & CAPTCHA
      • Best practices and guidelines to avoid these attacks
      • Demo
    • Module 3: Injection
      • SQL injection
      • Demo
    • Module 4: Error Handling and Logging
      • Proper implementation of logging
      • Proper error handling
      • Demo
    • Module 5: Code Quality
      • Hard coded information
      • Critical information in comments
      • Client side hardcoded information
      • Demo
    • Module 6: Cryptography
      • Hashing
      • Salted hash technique
      • Storage of critical information in backend side
      • Demo
    • Module 7: Cross Site Request Forgery (CSRF)
      • Demo

SPEAKER PROFILES:

Ranjith Menon, Co-Founder, h1hakz

Ranjith Menon has more than 11 years of experience. He is an active participant in bug bounty programs, specializes in web applications, mobile and cloud, is a contributor to the security community, and is co-founder of h1hakz, an open platform for knowledge sharing through a webcast series. He has found many vulnerabilities for many organizations and has given training at c0c0n XII, c0c0n XI, BSides Delaware, WOPR, HackMiami etc. Apart from hacking, he makes time for fitness around his work schedule.

Manoj Kumar, Co-Founder, h1hakz

Manoj Kumar has more than 8 years of experience in the field of application security, holds a master's in cybersecurity, and is a co-founder of h1hakz. He has developed many secure application projects in different languages and has code reviewed a wide range of applications, from embedded systems to web applications, including retail banking and e-commerce applications. He has also given training at c0c0n XII, c0c0n XI, BSides Delaware, WOPR, HackMiami etc.

CONFERENCE 2021

c0c0n 2021 Online Conference

VENUE

c0c0n 2021 is a Virtual Conference

c0c0n 2021 Workshop Date

WORKSHOP

November 10-11

c0c0n Conference 2021

CONFERENCE

November 12-13

CONFERENCE PARTNERS

Kerala Police
ISRA
POLCYB

SPONSORS

c0c0n 2021 Supporters

Cochin Smart Mission Limited
Indian Oil Corporation
vensec
Petronet LNG
Federal Bank
CSB Bank
Bharat Petroleum Corporation Limited
Elastic Security Solution
GAIL (India) Ltd.
Netskope, your cloud security platform.
crowdstrike
Synthite
GEOJIT FINANCIAL SERVICES
Breaking Barriers - Lean In Circle
Cyber Security Global Alliance(CSGA)
WICCI Public Safety & Security Council, Bengal
Stories of Infosec Journeys
Chakolas