Secure Coding: Fix from the root
Secure Coding: Fix from the root This talk aims to overcome the drawbacks of the current approach of teaching application security by blindly attacking applications to analyze vulnerabilities. This results in engineers being unable to figure out the proper fix for the vulnerabilities and hence allowing attackers to exploit the same. The talk will help security enthusiasts, developers and students to identify the root cause of the vulnerability in the code, patch it, re-deploy the application, and finally verify the fix. As an attendee, you will learn to find vulnerabilities with both an attacker and a defenders point of view which would help in a swift SDLC of fixing and moving forward instead of traditional pentesting procedures of fixing the issues at the end of the cycle. The demonstration will be done using a vulnerable e-cart application with microservice architecture which is deployed using docker where the vulnerable code is attacked and replaced with secure code snippets, compiled, deployed and pentested again to demonstrate how fixing a vulnerability at the root saves engineers time and efforts.
- Date:
- 2023 November 4 - 10:30
- Duration:
- 50 min
- Room:
- Room 2
- Conference:
- SeaGL 2023
- Language:
- Track:
- Security and Privacy
- Difficulty:
- Intermediate
- Distributed Authorization with CAProck
- Start Time:
- 2023 November 4 10:30
- Room:
- Room 3
- Effective git code review - make their job easier and you look smarter
- Start Time:
- 2023 November 4 10:30
- Room:
- Room 4
- Going as fast as possible in Rust
- Start Time:
- 2023 November 4 10:30
- Room:
- Room 1
- What's the Ideal Give-Away Computer?
- Start Time:
- 2023 November 4 11:00
- Room:
- Room 4