Secure Coding: Fix from the root
This talk aims to overcome the drawbacks of the current approach of teaching application security by blindly attacking applications to analyze vulnerabilities.
This results in engineers being unable to figure out the proper fix for the vulnerabilities and hence allowing attackers to exploit the same.
The talk will help security enthusiasts, developers and students to identify the root cause of the vulnerability in the code, patch it, re-deploy the application, and finally verify the fix.
As an attendee, you will learn to find vulnerabilities with both an attacker and a defenders point of view which would help in a swift SDLC of fixing and moving forward instead of traditional pentesting procedures of fixing the issues at the end of the cycle. The demonstration will be done using a vulnerable e-cart application with microservice architecture which is deployed using docker where the vulnerable code is attacked and replaced with secure code snippets, compiled, deployed and pentested again to demonstrate how fixing a vulnerability at the root saves engineers time and efforts.
