Application Security Workshop presented at Nullcon 2016

by Amit Ashbel

Summary: This three-part workshop, designed for AppSec professionals and developers, covers application security concepts including gamification of education, understanding and addressing code vulnerabilities in web and mobile applications, and reviewing the state of mobile application security today.
Part 1:
Game of Hacks: Play, Hack & Track
Game of Hacks, built using the Node.js framework, displays a range of vulnerable code snippets and challenges the player to locate the vulnerability in each.
Learn how and why vulnerabilities were planted within Game of Hacks
See real attack techniques (some caught us off guard) and how we handled them
Hear what to watch out for on the ultra-popular Node.js framework
Compete for a cool prize in a real-time Application Security challenge
Part 2:
Addressing Web and Mobile Vulnerabilities Efficiently
Analyze web and mobile application scan results together with the audience and understand how to properly address vulnerabilities as part of the software development life cycle.
Part 3:
Think Your Mobile App Is Secure? Think Again...
Secure coding is crucial when it comes to mobile applications. Unfortunately, it seems that most applications still expose themselves to risks that can be mitigated by employing secure coding practices from the start.
Research by Checkmarx and AppSec-Labs reveals a troubling picture in which applications expose an average of three or more critical application vulnerabilities.
During this session we will:
Review the findings of the “State of Mobile Application Security Report”
Understand the limitations of mobile application security solutions
Discuss the risks introduced by hybrid application development