{"id":14312,"date":"2024-05-13T04:51:08","date_gmt":"2024-05-13T04:51:08","guid":{"rendered":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/secure-code-review-bkk2024\/"},"modified":"2024-08-01T05:24:31","modified_gmt":"2024-08-01T05:24:31","slug":"secure-code-review-bkk2024","status":"publish","type":"product","link":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/secure-code-review-bkk2024\/","title":{"rendered":"Secure Code Review for Developers &amp; Security Professionals"},"content":{"rendered":"<div class=\"page\" title=\"Page 3\">\n<div class=\"layoutArea\">\n<h4><strong><span style=\"color: #993300\">ATTEND IN-PERSON<\/span><\/strong><strong><span style=\"color: #993300\">: <\/span><\/strong><strong>Onsite in Bangkok, Thailand<\/strong><\/h4>\n<div class=\"layoutArea\">\n<div class=\"page\" title=\"Page 3\">\n<h4><strong>DATE: 27-28 August 2024<\/strong><\/h4>\n<\/div>\n<h4><strong>TIME: 09:00 to 17:00 ICT\/GMT+7<\/strong><\/h4>\n<table style=\"height: 146px\" width=\"599\">\n<tbody>\n<tr>\n<td><strong>Date<\/strong><\/td>\n<td><strong>Day<\/strong><\/td>\n<td style=\"text-align: left\"><strong>Time<\/strong><\/td>\n<td><strong>Duration<\/strong><\/td>\n<\/tr>\n<tr>\n<td>27 Aug<\/td>\n<td>Tuesday<\/td>\n<td>09:00-17:00 ICT\/GMT+7<\/td>\n<td>8 Hours<\/td>\n<\/tr>\n<tr>\n<td>28 Aug<\/td>\n<td>Wednesday<\/td>\n<td>09:00-17:00 ICT\/GMT+7<\/td>\n<td>8 Hours<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<hr \/>\n<h5>Secure Code Review (SCR) plays a crucial role in any professional software security initiative and complements other testing activities \u2013 such as dynamic testing \u2013 by significantly extending code coverage and increasing the chances of exposing complex and critical security weaknesses.<\/h5>\n<p>This workshop presents a beginner-friendly approach to manual Secure Code Review (SCR), which is the result of combining multiple methods and techniques to detect more bugs during your software security reviews.
The methodology focuses on Android applications and their development environment; students will apply these methods to a variety of apps written with different libraries and frameworks, to help them get comfortable with the structure and common issues encountered when assessing the security of Android applications.<\/p>\n<p>The workshop is meant to be highly practical: students will be offered the chance to manually review multiple snippets of vulnerable code and develop rules to increase the detection of security issues in the source code.<\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<h5><strong>Key learning objectives<\/strong><\/h5>\n<ul>\n<li>Understand the unique role and value of secure code review in improving the security posture of modern software applications.<\/li>\n<li>Learn how multiple review methodologies can be combined to increase code coverage and maximize the detection of high-impact security defects.<\/li>\n<li>Learn how the most critical vulnerabilities \u201cmanifest\u201d in Android applications\u2019 source code by reviewing multiple real-world snippets of vulnerable code.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h5><strong>What students will get<\/strong><\/h5>\n<ul>\n<li>A methodology, principles, and approaches to initiate a secure code review activity against familiar and unfamiliar programming languages as well as mobile frameworks.<\/li>\n<li>A fully configured Virtual Machine (VM) with a selection of pre-configured tools ready to be used for delivering effective secure code review activities with a focus on the Android environment.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h5><strong>Agenda\/Topics Covered<\/strong><\/h5>\n<p><strong>Overview of Secure Code Review<\/strong><\/p>\n<ul>\n<li>What is Secure Code Review.<\/li>\n<li>Manual vs.
Automated Secure Code Review.<\/li>\n<li>The role of Secure Code Review in the Secure Development Lifecycle (SDLC).<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>Code Review Methodologies<\/strong><\/p>\n<ul>\n<li>Introduction to OWASP Code Review Guide.<\/li>\n<li>Analysis of different review approaches: functionality-based, checklist-driven, entry\/exit point-driven, etc.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>Android Apps Secure Source Code Analysis\u00a0 <\/strong><\/p>\n<ul>\n<li>Tools and Resources: introduction to SCA tools, libraries, and guidelines.\n<ul>\n<li><em>Semgrep <\/em>to automate Secure Code Analysis tasks<\/li>\n<\/ul>\n<\/li>\n<li>OWASP Mobile Top 10: understanding the most common vulnerabilities in Android apps<\/li>\n<li>Communication security\n<ul>\n<li>Detecting insecure data transmission.<\/li>\n<\/ul>\n<\/li>\n<li>Analyzing data storage mechanisms in mobile devices.<\/li>\n<li>Identifying vulnerabilities in session &amp; authentication mechanisms.<\/li>\n<li>Detecting input validation vulnerabilities.<\/li>\n<li>Code protection via obfuscation and anti-tampering techniques.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>Fundamentals of backend security: APIs and Web Services<\/strong><\/p>\n<ul>\n<li>Introductory considerations when interacting with backend systems and services.<\/li>\n<\/ul>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<h6>This 2-day workshop is designed to introduce students to a practical approach to Secure Code Review (SCR) to facilitate the detection of security weaknesses, which are unlikely to be detected via dynamic testing or automated static code 
analysis<\/h6>\n","protected":false},"featured_media":14311,"template":"","meta":{"_acf_changed":false},"product_cat":[85,84,86,87],"product_tag":[],"class_list":{"0":"post-14312","1":"product","2":"type-product","3":"status-publish","4":"has-post-thumbnail","6":"product_cat-2-day-workshop","7":"product_cat-bkk-2024","8":"product_cat-bkk-2024-workshop","9":"product_cat-workshop-2","11":"first","12":"outofstock","13":"shipping-taxable","14":"purchasable","15":"product-type-simple"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Secure Code Review for Developers &amp; Security Professionals - HITBSecConf2024 - Bangkok<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/secure-code-review-bkk2024\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Secure Code Review for Developers &amp; Security Professionals - HITBSecConf2024 - Bangkok\" \/>\n<meta property=\"og:description\" content=\"This 2-day workshop is designed to introduce students to a practical approach to Secure Code Review (SCR) to facilitate the detection of security weaknesses, which are unlikely to be detected via dynamic testing or automated static code analysis\" \/>\n<meta property=\"og:url\" content=\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/secure-code-review-bkk2024\/\" \/>\n<meta property=\"og:site_name\" content=\"HITBSecConf2024 - Bangkok\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-01T05:24:31+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-content\/uploads\/sites\/22\/2024\/05\/matteo-bkk-workshop-5.jpeg\" \/>\n\t<meta 
property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"683\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/secure-code-review-bkk2024\/\",\"url\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/secure-code-review-bkk2024\/\",\"name\":\"Secure Code Review for Developers &amp; Security Professionals - HITBSecConf2024 - Bangkok\",\"isPartOf\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/secure-code-review-bkk2024\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/secure-code-review-bkk2024\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-content\/uploads\/sites\/22\/2024\/05\/matteo-bkk-workshop-5.jpeg\",\"datePublished\":\"2024-05-13T04:51:08+00:00\",\"dateModified\":\"2024-08-01T05:24:31+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/secure-code-review-bkk2024\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/secure-code-review-bkk2024\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/secure-code-review-bkk2024\/#primaryimage\",\"url\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-content\/uploads\/sites\/22\/2024\/05\/matteo-bkk-workshop-5.jpeg
\",\"contentUrl\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-content\/uploads\/sites\/22\/2024\/05\/matteo-bkk-workshop-5.jpeg\",\"width\":1024,\"height\":683},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/secure-code-review-bkk2024\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Shop\",\"item\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/shop\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Secure Code Review for Developers &amp; Security Professionals\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/#website\",\"url\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/\",\"name\":\"HITBSecConf2024 - Bangkok\",\"description\":\"August 26 - 30 @ InterContinental\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Secure Code Review for Developers &amp; Security Professionals - HITBSecConf2024 - Bangkok","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/secure-code-review-bkk2024\/","og_locale":"en_US","og_type":"article","og_title":"Secure Code Review for Developers &amp; Security Professionals - HITBSecConf2024 - Bangkok","og_description":"This 2-day workshop is designed to introduce students to a practical approach to Secure Code Review (SCR) to facilitate the detection of security weaknesses, which are unlikely to be detected via dynamic testing or automated static code analysis","og_url":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/secure-code-review-bkk2024\/","og_site_name":"HITBSecConf2024 - Bangkok","article_modified_time":"2024-08-01T05:24:31+00:00","og_image":[{"width":1024,"height":683,"url":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-content\/uploads\/sites\/22\/2024\/05\/matteo-bkk-workshop-5.jpeg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/secure-code-review-bkk2024\/","url":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/secure-code-review-bkk2024\/","name":"Secure Code Review for Developers &amp; Security Professionals - HITBSecConf2024 - Bangkok","isPartOf":{"@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/#website"},"primaryImageOfPage":{"@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/secure-code-review-bkk2024\/#primaryimage"},"image":{"@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/secure-code-review-bkk2024\/#primaryimage"},"thumbnailUrl":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-content\/uploads\/sites\/22\/2024\/05\/matteo-bkk-workshop-5.jpeg","datePublished":"2024-05-13T04:51:08+00:00","dateModified":"2024-08-01T05:24:31+00:00","breadcrumb":{"@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/secure-code-review-bkk2024\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/secure-code-review-bkk2024\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/secure-code-review-bkk2024\/#primaryimage","url":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-content\/uploads\/sites\/22\/2024\/05\/matteo-bkk-workshop-5.jpeg","contentUrl":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-content\/uploads\/sites\/22\/2024\/05\/matteo-bkk-workshop-5.jpeg","width":1024,"height":683},{"@type":"BreadcrumbList","@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/secure-code-review-bkk2024\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/"},{"@type":"ListItem","position":2,"name":"Shop","item
":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/shop\/"},{"@type":"ListItem","position":3,"name":"Secure Code Review for Developers &amp; Security Professionals"}]},{"@type":"WebSite","@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/#website","url":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/","name":"HITBSecConf2024 - Bangkok","description":"August 26 - 30 @ InterContinental","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-json\/wp\/v2\/product\/14312"}],"collection":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-json\/wp\/v2\/types\/product"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-json\/wp\/v2\/media\/14311"}],"wp:attachment":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-json\/wp\/v2\/media?parent=14312"}],"wp:term":[{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-json\/wp\/v2\/product_cat?post=14312"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-json\/wp\/v2\/product_tag?post=14312"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}