Details

Hello OWASP Melbourne,
To start off the year, we have a free challenge workshop to find and fix some common bugs, in collaboration with Dr. Pedram from SecDim’s SecGames. Following the positive feedback from our last collaboration, we're trying this again. All too often there’s lots of talk about doing security better; let’s actually get our hands on keyboards and try it.

No presentation, no lecture. This is a hands-on session to up-skill in secure programming.

Here, we explore a vulnerable app to find and fix its vulnerability. The winner is the first person who fixes the vulnerability. The winner then shares their solution so we can all learn (or possibly find more bugs!).

It’s a small space, so please RSVP if you’re attending in person, or join us remotely via Google Meet at https://meet.google.com/nsn-ukof-pte

Technical analysis of Secrets Disclosure + Unicode security challenge
During this challenge workshop, we will explore these weaknesses:

  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
  • CWE-527: Exposure of Version-Control Repository to an Unauthorized Control Sphere
  • CWE-641: Improper Restriction of Names for Files and Other Resources
  • CWE-20: Improper Input Validation
  • CWE-176: Improper Handling of Unicode Encoding

Agenda
6:00-6:10 Welcome
6:10-6:30 Past challenge solution and discussion (CWE-527 and 200)
6:30-7:00 Play the challenge of the month (CWE-641, 176 and 20)
7:30pm - End.

Prepare
If you are a first-timer, please get your workstation set up before attending by completing any of the "Start Here" levels on https://play.secdim.com

Required Equipment
Please bring your own laptop to the event, set up as described above.

PS. This is a joint community event with SecDim.
https://www.meetup.com/secgames/events/292139527/

Other Information
What is OWASP?
The Open Worldwide Application Security Project® (OWASP) is a volunteer-run, nonprofit foundation that works to improve the security of software. Through community-led open source software projects, hundreds of local chapters worldwide, tens of thousands of members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure the web.

Find out more?
Meetup.com Page: https://www.meetup.com/Application-Security-OWASP-Melbourne/
About the Chapter: https://owasp.org/www-chapter-melbourne/
Join the AppSec ANZ Discord: https://discord.gg/uAWze2B
