This is a joint event with OWASP Melbourne.
No presentation, no lecture. This is a hands-on session to upskill in secure programming.
We explore a vulnerable app to find and fix its vulnerability. The winner is the first person who fixes the vulnerability. The winner then shares her/his solution so we can all learn (or possibly find more bugs!).
We will explore these weaknesses:
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-527: Exposure of Version-Control Repository to an Unauthorized Control Sphere
- CWE-641: Improper Restriction of Names for Files and Other Resources
- CWE-176: Improper Handling of Unicode Encoding
Agenda:
- 6:00-6:10 Welcome
- 6:10-6:30 Past challenge solution and discussion
- 6:30-7:00 Play the challenge of the month
Prepare: If you are a first timer, get your workstation set up by completing any of the "Start Here" levels on https://play.secdim.com (SecDim Play is a training game for secure programming).
Contribute: Help to foster the community by contributing a secure programming challenge. Follow the guide at https://github.com/secdim/play-sdk.
Keep in touch: Join the community on https://discuss.secdim.com to ask, share, and discuss anything related to secure programming, security testing, fuzzing, cloud security, container security, cluster security, and code review.
Hybrid event: After you RSVP, you will receive the venue location or video conferencing URL.