How did we teach (ourselves) security (Goran Mekić)
| March 5th, 2019Level: Technical
Abstract:
As it’s not easy to come by a list of what to do in development, we took the opposite approach and researched how to make our code as bad as possible, security wise. Some of the topics we covered:
- Metasploit / quasar
- Android
- buffer overflow, stack smashing, etc.
- JWT on web and browser security (local/session store vs js store)
- WEB server HTTPS config
- ASLR, W^X memory violations, CFI
For every mentioned topic we tried to explore ways to be as insecure as possible and learning how such an environment can be exploited.”
Bio:
Goran Mekić is FreeBSD and Linux administrator, WEB developer, security researcher and low-level geek who recently found love for embedded and kernel development. I am a co-founder and teacher in Novi Sad hackerspace named Tilda Center.
Video/recordings:
[Slides (PDF)] [Recording (MP4)]