This is the Toronto Chapter for OWASP. The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.
If you are interested in application security, come join us! OWASP Toronto meetings are open to EVERYONE to join for FREE.
Back to the Future of Application Security: Developing Secure Smart Contracts
Date/Time: January 23, 2019, 6:30 PM to 8:30 PM EST
Location: Room 128, St. James Campus - Building A, George Brown College, 200 King Street East, Toronto, ON, M5A 3W8
Race-conditions, re-entrancy, bad randomness, unchecked calls and integer overflows! No, we’re not coding a C++98 application and worried about the Y2K bug; it’s 2019 and welcome to the world of smart contracts! Grab some avocado toast and GAS-up for a trip onto the blockchain, because where we're going, we don't need roads.
We’ll start with an introduction to smart contracts and their place in the distributed ledger technology ecosystem. We’ll delve into key vulnerabilities from the SWC (Smart Contract Weakness) registry and link them to real-world impacts. We’ll identify smart contract flaws in Solidity and, ultimately, how to mitigate them.
We’ll end with some key principles for building secure smart contracts and suggested tooling to augment a secure smart contract development flow, all with a dash of lamenting how, by forgetting the past, we are doomed to repeat it. And of course, no talk would be complete without a smart contract CTF challenge, or two, for the taking.
Jamie Baxter, M. Eng., OSCP, OSCE, GPEN, CISSP
Principal Consultant & Founder - SRNSEC Inc.
Jamie is an independent security consultant specializing in security assessments, ranging from web application and infrastructure penetration tests to red teaming exercises.
Prior to independent consulting, Jamie was the Director of Cyber Security Assessments at RBC, a Senior Penetration Tester for the Department of National Defence, and a developer for over 10 years.
When not on an engagement, he can be found competing in and building CTFs or exploring the world of distributed ledger technology security.