Workshop: Application Security @ GopherCon

Abstract

Description
This workshop is for all gophers who not only want to build cool applications, but also want to build security into them. Application security is a complex topic and can be hard to get into, so we will start by taking the first steps into the rabbit hole of (Go) security. Together, we will start with a very simple web application, learn basic security concepts, and focus on how to reinforce our application against attacks in an easy way. To achieve this goal, Anna-Katharina will explain the information needed to conduct each attack. Once you find the vulnerability, we will work together to fix the issue and move forward. By the end of the workshop, you will have a simple web application that is protected against basic web security attacks, like CSRF or SQL Injection, and supply chain attacks.

What a student is expected to learn
Students will learn how to reinforce a simple (web) application in Go against basic web security attacks (e.g. CSRF), and how to pin their dependencies to avoid supply chain attacks. Furthermore, students will have the chance to run a static analysis against their code base to check for some of the vulnerabilities. During the workshop, every student will be challenged to reflect on their code and understand the diversity and complexity of security.

Prerequisites
A basic understanding of the Go programming language. Students do not have to be expert Go users, but they are expected to have completed the majority of the Go Tour. An understanding of the basics of web applications is an advantage for digging into the code base easily.

Date
Oct 6, 2022
Location
Online [Workshop]
Anna-Katharina Wickert
PhD student at Technische Universität Darmstadt

My research interests are focused on static code analysis, API-misuses, and software security. Currently, I focus on security problems caused by API-misuses, e.g., for cryptographic APIs.
