Secure Source Code Analysis Using Hybrid Approach


Instructors:

Ranjith Menon, Manoj Kumar

Secure code audit is a highly effective process for identifying vulnerabilities in software. It requires in-depth analysis of an application in order to find its security flaws. We will help you understand the different techniques for source code analysis. In this training you will learn how to do source code analysis on different web and mobile applications. The training is hands-on in secure code analysis and review, so you need to bring your own laptop to perform different types of attacks on the applications we provide.

Course Content (TOC):


Day 1: Dynamic Analysis
  • Module 1: Introduction to Secure Source Code Practices (SSCP)
  • Module 2: Application security basics (Dynamic analysis)
  • Module 3: Introduction to proxy tools
  • Module 4: Hands-on with vulnerable web applications
Day 2: Source Code Analysis – Hybrid Approach
  • Module 1: Different ways of doing code analysis
  • Module 2: Parameter manipulation attacks and defenses
  • Module 3: SQL Injection
  • Module 4: Cross Site Scripting (XSS)
  • Module 5: Cryptography
  • Module 6: Cross Site Request Forgery (CSRF)
  • Module 7: Security Misconfiguration
Day 3: Source Code Analysis – Hybrid Approach
  • Module 1: Broken Authentication and Session Management
  • Module 2: Error Handling and Logging
  • Module 3: Code quality
  • Module 4: XML External Entity (XXE) Attack
  • Module 5: Deserializing Objects
  • Module 6: Android mobile app source code analysis
Day 4: CTF Challenges
  • Module 1: CTF challenge on vulnerable source code application for attendees

Pre-Requisite

  • Laptop/Desktop with Google Chrome installed
  • RDP client installed

Who Should Attend

  • Those having basic development background.
  • Those who want to build secure applications.
  • Those who want to perform a secure source code review based on a hybrid approach.
  • Those who want to learn various secure code audit methodologies and approaches.

What to expect

  • Exposure to different tools used for dynamic and static analysis
  • Demo application to perform dynamic and static analysis
  • Hands-on CTF challenges

What not to expect

  • Any professional tools

Course Dates

  • 29 & 30 August, 2020
  • 5 & 6 September, 2020

Duration

  • 4 Days

Category

  • Code Analysis
