DURATION: 3 DAYS
CAPACITY: 20 pax
SEATS AVAILABLE: REGISTRATION CLOSED
SGD2999 (early bird)
SGD3999 (normal)
Early bird registration rate ends on the 30th of April
Overview
Reading source code is like the x-ray goggles of hacking. The more you are able to see, the more bugs may appear under the hood.
You might be a proficient Penetration Tester or a skilled Bug Bounty Hunter without ever having done a source code assessment. But if you would like to broaden your horizons with source code reviews to identify bugs, this is the training you are looking for.
This training aims to enable participants to perform source code assessments on managed languages. In order to teach the general aspects of source code audits, as well as the identification and exploitation of vulnerabilities, the training will follow a language-agnostic approach.
Managed languages covered in this training include:
* PHP
* Java
* .NET
* Python
* Ruby
* Go
The general concepts and key takeaways of this training, however, are independent of specific languages.
Who Should Attend
Penetration Testers, Bug Bounty Hunters, Developers or anyone else interested in finding (and exploiting) flaws in software by reading the respective sources.
Key Learning Objectives
Language-agnostic code audit approaches
Recognition of common patterns leading to vulnerabilities
Recognition of vulnerabilities caused by erroneously used interfaces
Handling of vast code bases
Creation of PoC exploits based on code audits
Prerequisite Knowledge
Reasonable IT security background (e.g. penetration tests, bug bounties, etc.)
Reasonable programming experience in at least one managed language
Hardware / Software Requirements
Latest version of VirtualBox installed
Administrative access on your laptop with external USB allowed
At least 20 GB free hard disk space
At least 4 GB RAM (the more the better)
Agenda
DAY 1 – Basic Topics
Opening and Introduction
Code audit toolchain set-up
Patterns and idioms in source code which enable vulnerabilities
Practical exercises
DAY 2 – Advanced Topics
Underhanded vulnerabilities
Tackling large code bases
Interface / environment considerations
Practical exercises
DAY 3 – PoC Creation
Verification of findings
Creation of simple triggers
Creation of working PoC exploits
Practical exercises
Final practical exercises on real-world code bases