c0c0n @2025 | Hacking & Cyber Security Briefing

PRE-REQUISITE

Secure source code review is essential for identifying vulnerabilities in modern software applications. The course requires a thorough analysis of code to detect and address security flaws effectively. This is a hands-on training course, and participants must bring their own laptops to perform various attacks on web-based applications.

PARTICIPANT'S REQUIREMENTS

Windows/Linux/macOS installed on the machine
Minimum 8GB of RAM
At least 10GB of free disk space
VMware Player or VirtualBox installed

WHO SHOULD ATTEND

This course is designed for:

Individuals with a basic understanding of application security.
Developers with foundational coding knowledge.
Professionals interested in performing manual secure source code reviews
Developers seeking to secure their applications
Anyone looking to learn secure coding practices
Those who wish to explore different source code review methodologies and approaches

WHAT TO EXPECT

Exposure to modern tools and techniques for secure source code review
Access to updated demo applications for hands-on secure code review
Interactive secure coding CTF (Capture the Flag) challenges, reflecting the latest security trends

WHAT NOT TO EXPECT

The use of any commercial or proprietary tools.

DURATION

Duration: 3 days

This course covers essential and up-to-date application security issues, with a focus on designing and developing secure code in response to current threats.

Trainers

Manoj Kumar

Co-Founder, h1hakz

Ranjith Menon

Co-Founder, h1hakz

Day wise Training Plan

DAY 1 - Modern Secure Coding Best Practices
- Module 1: Introduction to Secure Coding Best Practices (SCBP)
  - Get acquainted with today's top secure coding practices.
  - Learn why SCBP is critical in the ever-evolving threat landscape
  - Seamlessly integrate SCBP into your development workflow
- Module 2: Insecure Design Flaws
  - Spot and fix design flaws common in modern apps
  - Implement secure design controls using zero-trust principles
  - Use Confidentiality, Integrity, and Availability (CIA) for risk assessments
  - Practical Demo: Insecure Design Flaw
- Module 3: Injection Vulnerabilities
  - Master SQL Injection defense with cutting-edge methods
  - Stay ahead with strategies against CSV-based formula injections
  - Shield your app from XML External Entity (XXE) Injection in the cloud
  - Secure GraphQL APIs from modern injection threats
  - Practical Demo: Safeguarding against injection attacks
- Module 4: Modern Cryptography
  - Stay updated on the latest Encryption & Decryption techniques
  - Properly implement Encoding & Decoding strategies.
  - Secure your app with modern hashing and Salted Hash techniques.
  - Practical Demo on Cryptography.
  - Memory
- Module 5: Secure Coding for Cloud-Native Applications
  - Cloud-specific security considerations (shared responsibility model, API security, etc.)
  - Securing containerized applications (Docker, Kubernetes)
  - Serverless security (Google cloud run, Google Kubernetes Engine)
  - Practical Demo on Infrastructure as Code analysis
DAY 2 - Advanced Secure Coding Practices
- Module 6: Broken Access Control
  - Manage user sessions with multi-factor authentication (MFA) best practices
  - Implement secure cookie attributes across modern browsers
  - Deploy advanced OTP, CAPTCHA, and adaptive authentication methods
  - Practical Demo: Locking down access control in complex apps.
- Module 7: Error Handling and Logging
  - Securely log data using modern centralized systems.
  - Master error handling in distributed environments.
  - Case Study: Tackling vulnerabilities like Apache Log4j.
  - Practical Demo: Implementing secure logging and error handling.
- Module 8: Code Quality Standards and Best Practices
  - Fix security misconfigurations in modern frameworks.
  - Automate the detection of hardcoded sensitive information.
  - AI and machine learning in code analysis and vulnerability detection
  - Practical Demo: Boosting code quality with modern tools
- Module 9: Cross-Site Request Forgery (CSRF)
  - Safeguarding Single Page Applications (SPAs) from CSRF attacks with top-notch defenses
  - Implement SameSite cookies and other modern protections
  - Practical Demo: Fortifying against CSRF in SPAs
- Module 10: Server-Side Request Forgery (SSRF)
  - Understand and mitigate SSRF attacks
  - Implement strong defenses against SSRF in modern architectures
  - Practical Demo: Shielding Cloud and Web Apps from SSRF.
DAY 3 - Advanced Secure Coding Practices
- Module 11: Next-Gen Application Security
  - Secure coding standards: OWASP ASVS
  - Use of AI/ML in static analysis
  - Securing CI/CD pipelines
  - Practical Demo: Integrating security scanners in CI
- Module 12: CTF - Secure Source Code Review
  - Engage in guided practice using the latest tools and techniques.
  - Walk through real-world scenarios to solidify your skills.
  - Collaborate on code reviews to tackle the latest security challenges.

Contact Info

Social Links

WS-10

Secure Code Audit Exclusive Edition

07-09 October, 2025