What is included?
4 half-days live workshop
Step-by-step directions by a highly qualified instructor
100+ self-paced git-based labs
Access to an exclusive support forum
Full access to workshop slide content
Master advanced exploitation and defensive techniques to build a secure dApp from the ground up.
In this attack and defence workshop, we look at the vulnerabilities of decentralised apps and what makes them unique from other software vulnerabilities. With beginners in mind, we go under the hood of each vulnerability, understand its internal workings and find the root causes of the flaws.
We have hand-picked security vulnerabilities from both Web2 and Web3 domains. We then attack a dApp in a simulated environment and learn how to exploit each vulnerability.
With these insights, we then explore modern defensive design patterns to understand how they protect dApps.
We learn advanced techniques to hunt hard-to-find security bugs and then go one step further to build property-based fuzzers protecting our dApp against possible future security bugs.
We have learnt software security the wrong way. Let's redefine it.
Why we have so many vulnerabilities
Web2 vs Web3 vulnerabilities
Why post-release patching is dangerous
What is Defensive Design and Programming
Five phases of identifying and exploiting a vulnerable program
Build a rapid, effective and actionable threat model early during development
Identify security design issues during stand-ups
Trust boundary analysis
Five + three threat actors
Discover threats
Common insecure assumptions in our programs that are exploited
Rapid Threat Modelling
STRIDE
SecDim's Threat Thinking Matrix
Build a threat model in an attack and defence game
Hack your own app exploitation lab
Hunt for dApp security bugs at run-time using new fuzzing techniques
Write security unit tests in Brownie
Property-based testing using Hypothesis
Coverage-guided fuzzing
Fuzzing vs testing
Property-based fuzzing
Symbolic execution
Swarm fuzzing
Stateful fuzzing
Learn three core defensive design patterns to address the insecure anti-patterns:
Transaction order dependency
Call before state change
Unlimited gas usage
Insufficient data validation
Lack of data recognition
Overlooking an untrusted entry point
Security by coding conventions
Learn advanced exploitation techniques to attack dApp security vulnerabilities and then apply defensive design patterns to eliminate the security bugs
Reentrancy
Denial of Service
Block stuffing
Front running
Numeric overflow
Numeric imprecision
Visual Spoofing
Unicode Vulnerabilities
Time Of Check Time Of Use (race condition)
You will also get
Practice schedule and mentoring
Standard pathway program
Assessment of your practices
Free attempt to obtain SecDim Certification in Defensive Programming and earn up to 20 hours of professional education
We forget almost 60% of newly acquired information within a week!
We provide you with a practice schedule and mentorship during a three-month pathway so that secure software engineering becomes your habit.
Our workshops run only a few times in the year. Don't miss out.
Defensive Programming workshop gives you outstanding technical skills and analytic thinking that are in great demand by top companies.
Secure SecDim Certification in Defensive Programming to open doors to the most interesting security roles all over the world.