Secure Source Code Analysis Using Hybrid Approach
Instructors:
Ranjith Menon,
Manoj Kumar
Secure code audit is a highly effective process for identifying vulnerabilities in software. It
requires an in-depth analysis of an application in order to find its security flaws. This training
explains the different techniques used for source code analysis and teaches you how to apply them
to web and mobile applications. The training is hands on, covering how to perform secure code
analysis and review, so you need to bring your own laptop to perform different types of attacks on
the applications we provide.
Course Content (TOC):
Day 1: Dynamic Analysis
- Module 1: Introduction to Secure Source Code Practices (SSCP)
- Module 2: Application security basics (Dynamic analysis)
- Module 3: Introduction to proxy tools
- Module 4: Hands on vulnerable web applications
Day 2: Source Code Analysis – Hybrid Approach
- Module 1: Different ways of doing code analysis
- Module 2: Parameter manipulation attack and Defenses
- Module 3: SQL Injection
- Module 4: Cross Site Scripting (XSS)
- Module 5: Cryptography
- Module 6: Cross Site Request Forgery (CSRF)
- Module 7: Security Misconfiguration
Day 3: Source Code Analysis – Hybrid Approach
- Module 1: Broken Authentication and Session Management
- Module 2: Error Handling and Logging
- Module 3: Code quality
- Module 4: XML External Entity (XXE) Attack
- Module 5: Deserializing Objects
- Module 6: Android mobile app source code analysis
Day 4: CTF Challenges
- Module 1: CTF challenge on vulnerable source code application for attendees
Prerequisites
- Laptop/Desktop with Google Chrome installed
- RDP client installed
Who Should Attend
- Those with a basic development background.
- Those who want to build secure applications.
- Those who want to perform a secure source code review based on a hybrid approach.
- Those who want to learn various secure code audit methodologies and approaches.
What to expect
- Exposure to different tools used for dynamic and static analysis
- Demo application to perform dynamic and static analysis
- Hands on CTF challenges
What not to expect