Optus API hack challenge - SecGames 0x02
Details
Bug: Optus API hack*, CWE-340 (Generation of Predictable Numbers or Identifiers), CWE-359 (Exposure of Private Personal Information to an Unauthorized Actor), CWE-770 (Allocation of Resources Without Limits or Throttling).
The challenge of this session is inspired by the Optus API hack. It highlights at least three missing API security controls. Join us to discuss and elaborate on them, and to find ways to remediate them effectively.
What is SecGames?
No presentation, no lecture, not a typical meetup. This is a hands-on session to upskill in secure programming.
At SecGames, we explore a vulnerable app to find and fix its vulnerability. The winner is the first person who fixes the vulnerability. The winner then shares her/his solution so we can all learn (or possibly find more bugs!).
Who is this for?
- Software and test engineers
- Security engineers (AppSec)
- DevOps
- Penetration testers
- Secure code reviewers
- Anyone with a passion for building secure systems
- Beginner or experienced
SecGames caters for both beginners and experienced professionals. So don’t feel shy and join us. We would love to see more people caring about and practising software security.
Agenda:
- 6:00-6:10 Welcome
- 6:10-6:30 Past challenge solution and discussion
- 6:30-7:00 Play the challenge of the month
Prepare: If you are a first timer, get your workstation set up by completing any of the "Start Here" levels on https://play.secdim.com (SecDim Play is an open training game for secure programming).
Contribute: Help to foster the community by contributing a secure programming challenge. Follow the guide at https://github.com/secdim/play-sdk.
Keep in touch: Join the community on https://discuss.secdim.com to ask, share and discuss anything related to secure programming, security testing, fuzzing, cloud security, container security, cluster security, and code review.
Online event: After RSVP, you will receive the video conferencing URL.
* Security incidents happen all the time. Some become public, some don't. This security bug was chosen purely for educational purposes; it is not intended to blame any person or organisation.
