THREAT CON 2023
Workshops: September 11 - 12
Conference: September 13

Application Security Tips and Tricks

September 11-12

Time: 10 AM - 5 PM (NPT, GMT+5:45)

Price: NRS 32,990 (USD 379)


Workshop by Vladimir Dashchenko and Sergey Temnikov



Application Security (AppSec) is one of the most important sets of processes focused on protecting applications from various kinds of security threats. AppSec enhances a product’s maturity and lowers the expense of external security tests, making software more protected in general.

Sometimes people confuse QA testing and AppSec, but these two are completely different things. A short and simple explanation: QA is about whether software functions properly and does everything it needs to; AppSec is about software’s vulnerabilities and mitigating those vulnerabilities.

We start the deep dive into the most common and critical vulnerabilities that affect applications of all kinds, their discovery techniques, and mitigation strategies that will empower product engineering. The workshop is designed to be useful both from the perspective of a learner who starts a bug hunting journey, as well as software engineers or penetration testers who want to dig deeper into the application security topics.

During the workshop, you will research various software attack techniques, tools, and procedures to exploit vulnerabilities in different applications. We will embark on the path from zero knowledge about vulnerabilities to automation of the bug hunting routine.

This workshop is based on practical examples, real vulnerabilities, and real vulnerability research tricks.



Key Learning Objectives

  • Understand differences between various appsec approaches
  • Understand how OWASP Top 10 vulnerabilities and flaws work in the wild
  • Understand how dynamic and static code analysis techniques work
  • Gain practical experience of finding vulnerabilities using dynamic and static code analysis
  • Use the most effective real-world tactics, techniques, tools, and methods to protect applications against the flaws

Agenda

  • Application security intro – what is it for? What is SDLC?
  • Most common vulnerabilities and weaknesses. Understanding methodologies of measuring vulnerabilities, weaknesses, attack vectors. Attack surface.
  • Vulnerability identification approaches: key differences, methodologies, tools, tactics, techniques
  • Reverse engineering basics
  • Fuzzing basics
  • Exploitation of vulnerabilities
  • Vulnerability mitigation tactics and techniques

Who Should Attend

  • QA engineers who want to switch to Application Security
  • Software engineers and developers who are interested in Application Security topics
  • Bug hunters and penetration testers who are interested in gaining experience in Application Security
  • Engineering Team Leaders who want to properly implement a product maturity program
