Presented at DEF CON 32 (2024), Aug. 10, 2024, 9 a.m. (240 minutes).
We’ve developed an interactive workshop for all those who want to learn secure coding practices and/or experience attacking with up-to-date technologies.
We prefer simplicity:
Attacks are performed with Swagger and C# scripts, and exploit XSS, CSRF, SSRF, and SQLi. We’ll also steal secrets and cookies.
Secure coding practices are summarized in an easy-to-remember acronym (PREVENT).
Participants will transform RecipeRealm, a naive Web API + Angular recipe repository, into a secure solution.
Through hands-on, real-world coding exercises, we will cover dealing with a vulnerable third party, using Angular's built-in defense mechanisms, implementing anti-CSRF mechanisms, coding a secure data layer, and protecting a web API from being exploited to get information about our internal assets.
Presenters:
- Or Sahar, Co-founder at Secure From Scratch
  Or Sahar is a security researcher and the co-founder of Secure From Scratch. With two decades of experience in software development and security, she specializes in penetration testing, application security, and instructing on secure coding practices. Currently pursuing a second Master's degree in computer science, Or Sahar holds a BSc in software engineering and is certified as an OSCE.
- Yariv Tal
  Yariv Tal is a senior developer turned security researcher. He graduated Summa Cum Laude with a BSc in Software Engineering and is currently pursuing a Master's degree in Computer Science. Yariv leverages his four decades of programming experience, university lecturing, and BootCamp mentoring to promote a "secure from scratch" coding philosophy.