Introduction to dApps Security - Melbourne Chapter (Virtual) Meetup - 2022-08-03
Details
Yet another crypto attack. Almost weekly, millions of dollars are stolen from another dApp. Ever wondered how it's done?
For our first meetup in 2022, we’re super excited to have Dr. Pedram show us how you can secure dApps, with a first-of-its-kind hands-on CTF. You don’t want to miss this.
We’re still virtual to minimise potential COVID-related risks.
Join us online for all the festivities at https://discord.gg/Gh4N5NsjgE
We'll update this event with the YouTube link soon.
The Schedule (Melbourne Time)
-------------------------------------------
17:45 hrs - Doors open - Come chill in Discord.
18:00 hrs - Welcome, and introductions.
18:05 hrs - Introduction to dApp security by Pedram
19:00 hrs - Q&As & CTF Kick-off
19:30 hrs - End.
Presentations
------------------
Introduction to dApp security:
Find, debug and fix a smart contract security vulnerability
---------------------------------------
dApp security is a whole new world where we should re-learn and change our perspective on AppSec. In this session, I will introduce dApps from a security angle. I will then go under the hood of a dApp (Solidity) vulnerability and reverse engineer a security vulnerability. I will conclude with ways to effectively eliminate the vulnerability. There will be a dApp CTF for those interested in solving dApp security challenges.
By Dr. Pedram Hayati (@pi3ch)
Dr. Pedram Hayati is a security researcher who strives to close the knowledge gap among security and software practitioners. He has performed hundreds of security audits for Fortune 500, published over 25 zero-days, reported thousands of security vulnerabilities and led a global penetration testing team. His experience is backed by his strong academic qualification and PhD in Information Security. Currently, Pedram has put his passion into building SecDim, a boutique AppSec academy, where he and his team build the most accessible, comprehensive and open training content for addressing security vulnerabilities in modern apps/dApps. Aside from SecDim, he lectures an advanced cyber security master's course at UNSW (Australian Defence Force Academy) and is the founder of SecTalks.org, the largest non-profit multinational technical security community. He has spoken at a number of top security conferences, namely HITB Netherlands, BSides, and AusCyber. His research on cloud security and honeypots has received global media coverage in The Register, Computer Security, and Insecure Magazine.
dApp CTF
--------------
There will be 3 challenges at
https://play.secdim.com/game/dapp
Solve dApp security challenges and win prizes. The winner is the first person who gets the highest score in the given time.
< ! > Please come prepared
This will be a follow-along workshop/talk, with the CTF directly using the things covered in the talk. To get the most out of this session, please ensure that you have your computer with the following tools installed and configured:
- Docker
- Makefiles
### Other Information
What is OWASP?
The Open Web Application Security Project® (OWASP) is a volunteer-run, nonprofit foundation that works to improve the security of software. Through community-led open source software projects, hundreds of local chapters worldwide, tens of thousands of members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure the web.
Find out more?
Meetup.com Page: https://www.meetup.com/Application-Security-OWASP-Melbourne/
About the Chapter: https://owasp.org/www-chapter-melbourne/
These events are made possible by our OWASP Foundation members, and sponsors. If you like what we do, please sign up for a Foundation membership at
https://owasp.org/membership/
