Hacker Days: The Anatomy of a Breach: Lessons from Common Mistakes
Details
Hello! Are you ready to dive into the world of enterprise security? Join us for an exciting Hacker Days, where we'll explore some of the essential requirements of information security and why protecting systems and data is a shared responsibility. In this workshop, we will play the roles of Developer, End-user and Security Engineer and explore various common mistakes that lead to critical security issues. We will also discuss best practices for preventing such attacks.
Thank you very much to Endor Labs for graciously providing us the venue, and to Levo.ai (the guardians of the API galaxy!) for sponsoring the food and drinks.
This event is in partnership with the Pacific Hackers community: https://www.pacifichackers.org/
Workshop outline:
* Overview
- Introduction: Responsibilities of different roles.
- Demo application walkthrough: A custom .NET web application and a mobile app.
- Tools: Burp Suite, Wireshark, Apktool
* Developer mistakes: Various mistakes made by developers will be explained, along with their impact and how to identify and prevent them.
- Hardcoded Secrets
- Login Credentials
- Lack of Awareness
- Security Misconfiguration
* End-user mistakes: As end-users, one can become a victim of a cyber attack due to simple mistakes. Let's explore scenarios with a live demo.
- Wi-Fi Attack
- Offer and Freebies
* Security Engineer mistakes: Security engineers are responsible for detecting vulnerabilities and recommending fixes. But we are also human beings and can make mistakes that lead to attacks.
- Misusing available tools
- Lack of scoping
- Demos of a few OWASP Top 10 vulnerabilities
* Closing Note
* Q&A
Speaker Details:
Name: Sarwar Jahan M
Linkedin: https://www.linkedin.com/in/sarwarjahanm/
Bio: Sarwar Jahan is currently working as a Senior Enterprise Security Engineer and has worked at tech giants like Synopsys, Microsoft and Salesforce. He has 10+ years of experience and was ranked among the top ethical hackers globally. He is passionate about sharing knowledge with the community and runs a non-profit initiative called InfoSecCamp to spread security awareness among people by conducting Boot Camps.
