by Siddharth Muralee (@tr3x) on Sunday, 27 November 2016

Status: Submitted
Technical level
Beginner

Abstract

Today, the necessity of strong cybersecurity measures is self-evident. A proliferation of cyber attacks is causing increasing damage to companies, governments and individuals. Organizations need to respond to this increased threat by adopting strict cybersecurity measures, and the awareness should begin with programmers.
Learn how your mistakes get exploited by hackers and how to take the necessary precautions to prevent your organisation from getting compromised.

Outline

Should I really learn how to code safely? How big of a mistake must I make to get hacked?
It is the small parts of the code that a programmer doesn’t notice or ignores that in the end lead to the program/site getting exploited. The mistake you made, which we call a vulnerability, would be so small that any amateur programmer may overlook it while writing or reviewing the code.

How much destruction can a vulnerability cause?
Stuxnet, a piece of malware which used four vulnerabilities in the Windows operating system, managed to get access into the Iran nuclear facility and destroy one-fifth of its centrifuges, slowing down the Iran nuclear program by years. It also managed to spread through the internet and affect millions of countries worldwide.

Won’t the “Cyber Security Professionals” take care of it?
Actually, cyber security professionals are very few when compared to the needs of the software and IT industry. “The demand for the (cybersecurity) workforce is expected to rise to 6 million (globally) by 2019, with a projected shortfall of 1.5 million,” stated Michael Brown, CEO at Symantec, the world’s largest security software vendor.

The Talk will be about:
1. Why basic security knowledge is necessary for every programmer.
2. What happens to a program/process when it is compiled. Introduction to the Stack.
3. The Infamous Buffer Overflow Vulnerability: A program having such a buffer overflow vulnerability will be exploited live and explained to the audience.
4. The Format String Vulnerability: A program having a format string vulnerability will be exploited in front of the participants.
5. SQL Injection: A website having such a vulnerability will be exploited in front of the audience.
6. XSS Vulnerability: A website having an XSS vulnerability will be exploited in front of the audience.

Requirements

A deep desire to learn new stuff and to code better and safer.

Speaker bio

I am currently pursuing a B.Tech in Computer Science at Amrita School of Engineering, Amritapuri.
I am a FOSS and security enthusiast, mainly into Reverse Engineering, Binary Exploitation and Cryptography.
I am a member of team Bi0s. We are currently the top CTF team in India, ahead of IITs, NITs and BITS, and are currently ranked 65th in the world by the ratings given by CTFtime.org.