Details

Incorrect handling of a file path can result in security vulnerabilities. An adversary can exploit it to leak sensitive data from our system. In this hands-on session we will learn how to find and fix insecure file path handlers.

No presentation, no lecture. This is a hands-on session to upskill in secure programming.

We explore a vulnerable app to find and fix its vulnerability. The winner is the first person who fixes the vulnerability. The winner then shares her/his solution so we can all learn (or possibly find more bugs!).

We will explore these weaknesses:

  • CWE-35 and CWE-23

Agenda:

  • 6:00-6:10 Welcome
  • 6:10-6:30 Past challenge solution and discussion
  • 6:30-7:00 Play the challenge of the month

Prepare: If you are a first timer, get your workstation set up by completing any of the "Start Here" levels on https://play.secdim.com (SecDim Play is a training game for secure programming).

Contribute: Help to foster the community by contributing a secure programming challenge. Follow the guide at https://github.com/secdim/play-sdk.

Keep in touch: Join the community on https://discuss.secdim.com to ask, share, and discuss anything related to secure programming, security testing, fuzzing, cloud security, container security, cluster security, and code review.

Hybrid event: After you RSVP, you will receive the video conferencing URL in the "How to find us" section (on the right). For in-person attendance, take the lift to Level 8 and then sign in using the iPad.
