Jan 2019 Event - Back to the Future of AppSec: Developing Secure Smart Contracts

This is a past event

83 people went

George Brown College

200 King Street East · Toronto, ON

How to find us

St. James Campus – Building A – Room 128

Parking options: https://en.parkopedia.ca/parking/200%20king%20st%20east%20toronto/?arriving=201901231800&leaving=201901232100

Details

Back to the Future of Application Security: Developing Secure Smart Contracts

Date/Time: January 23, 2019, 6:30 PM to 8:30 PM EST
Location: Room 128, St. James Campus - Building A, George Brown College, 200 King Street East, Toronto, ON, M5A 3W8

Abstract:

Race conditions, re-entrancy, bad randomness, unchecked calls and integer overflows! No, we’re not coding a C++98 application and worrying about the Y2K bug; it’s 2019 and welcome to the world of smart contracts! Grab some avocado toast and GAS-up for a trip onto the blockchain, because where we're going, we don't need roads.

We’ll start with an introduction to smart contracts and their place in the distributed ledger technology ecosystem. We’ll delve into key vulnerabilities from the SWC (Smart Contract Weakness) registry and link them to real-world impacts. We’ll identify smart contract flaws in Solidity and, ultimately, how to mitigate them.

We’ll end with some key principles for building secure smart contracts and suggested tooling to augment a secure smart contract development flow, all with a dash of lamenting how by forgetting the past we are doomed to repeat it. And of course, no talk would be complete without a smart contract CTF challenge, or two, for the taking.

Speaker Bio:

Jamie Baxter, M. Eng., OSCP, OSCE, GPEN, CISSP
Principal Consultant & Founder - SRNSEC Inc.

Jamie is an independent security consultant specializing in security assessments, ranging from web application and infrastructure penetration tests to red teaming exercises.

Prior to independent consulting, Jamie was the Director of Cyber Security Assessments at RBC, a Senior Penetration Tester for the Department of National Defense, and a developer for over 10 years.

When not on an engagement, he can be found competing in and building CTFs or exploring the world of distributed ledger technology security.