Secure Coding Workshop
Abstract
In today’s interconnected, software-dependent world, releasing secure apps, websites, tools, frameworks, etc., has become a top priority for developers. Various operating system platforms have now become an area of interest for adversaries as the compromise can lead to catastrophe. The browser coding and the antivirus programming need to be tackled more precisely. This workshop will deep dive into these concepts of Red and Blue Teaming approaches that could guide a programmer to develop secure code.
Topics of Concern
1. Need for secure Coding
2. Threat Map relating to Secure Coding
3. Firewall and Antivirus Role as Secure wall
4. Harmful Extension
5. Validation vs Sanitization
6. Attacks on Vulnerable programs.
Outcome
1. The power of secure coding
2. Relevancy of patch
3. Role of secure OS
Keynote Speakers
Mr. Avinash Kumar
M.S. Cyber Security United Kingdom, NCSC (GCHQ) Certified. Cyber Security,
AI and Blockchain Expert
Mr. J V Sai Abhiram
M.Tech Cyber security CEHv10,
ISCI Certified Network Security Specialist,
Qualys - Vulnerability Management Specialist
Workshop details
-----------------Date: 20/11/22-----------------
Mr. Avinash Kumar
Theoretical + Practical: 1 hour
◉ Introduction to Workshop & Speakers [5mins].
◉ Things to expect from this Workshop [5mins]
◉ Need for Secure Coding [20-25mins]
◉ Threat Mapping relating to Secure Coding – Various threats due to lack of Security Awareness & Implementation Standards [20-25mins].
◉ Firewall & Anti-Virus Roles in providing Security [Parameter Defense] [15-20mins]
Mr. J V Sai Abhiram
Theoretical + Practical: 1 hour
◉ Secure Coding Basic Principles [Examples via Labs/Slides] [10-15mins]
◉ Business plans – Derive & Understand problem statement when given to map out Infrastructure Diagrams [DFDs, Network Diagrams etc. by providing & discussing various architectural samples – including Monitoring of Assets, Log Collections, and Tools associated with it!] [20-25mins].
◉ Introduction to pfSense & Snort [Installation & Basic Configuration] [10mins]
Setting up ELK Stack or Wazuh [Installation & Basic Configuration] [10mins]
-----------------Date: 21/11/22-----------------
Mr. Avinash Kumar
Theoretical + Practical: 1 hour
◉ Harmful Extension [Such as .exe, .dll, .pdf etc.] [10-15mins].
◉ Validations & Sanitizations [SANS 25 Web Vulnerabilities & OWASP Top 10 Introduction with Examples] [15-20 mins].
◉ Various attacks on Vulnerable programs [10-15mins].
Mr. J V Sai Abhiram
Theoretical + Practical: 1 hour
◉ Setting up Acunetix for Web Vulnerabilities [Installation & Basics] [10mins]
◉ Setting up DVWA, PentestLabs, OWASP JuiceShop, MITRE Caldera [20-30mins]
◉ Analyzing required tools for Pentesting [XSSer, Burpsuite, SQL Map, etc.] [5-10mins]
◉ Basic XSS, SQL samples & lab attacks [20mins-30mins]
◉ Overview of Streamlit with Python & Some Data Visualizations [20mins-30mins]