Workshops
November 22nd
Prateek Tiwari
Bug Bounty is a reward offered to individuals who identify and report bugs or security vulnerabilities in a computer program/system
or software. The reward could be in any form- from goodies to hard cash or just acknowledgement.
The workshop is intended for anyone who has interest in Information Security, or likes breaking code or who wants to make money ethically,
by responsibly disclosing security issues to companies.
- Live demonstration of using "Burp Suite"
- How to select a target and deep dive into it
- Using Burp Suite to make life easier while Hunting
- Shooting in Dark? Importance of understanding the application flow before looking for vulnerabilities
- How to submit better bug reports & build strong relationship with Triage/Security Team = Nice Bounties
- Keeping yourself up-to-date and using that knowledge to find bugs = Profit | Profit
- Important tools in Bug Bounties
- Wrapping up, summarizing above topics
Jim ManicoAs part of this workshop, we will explore the use of third-party security libraries and frameworks to speed and standardize secure development. We will highlight production quality and scalable controls from various languages and frameworks. This course will include secure coding information for Java, PHP, Python, Javascript and .NET programmers, but any software developer building web applications and webservices will benefit.
Topics will include:- Introduction to Application Security
- HTTP Security Basics
- XSS Defense
- Intro to Angular.JS Security
- Intro to React.JS Security
- SQL and other Injection
- Cross Site Request Forgery
- Input Validation Basics
- OWASP Top Ten 2017
- Introduction to API and Microservice Security