Secure Coding
Sam Bowne and Elizabeth Biddlecome
The Worst Mobile Apps (DEF CON 28, 2020) (PPTX) · (Keynote)
Projects
Submit Flags · Scoreboard · Details
Linux Server Setup
H 201: Google Cloud Linux Server - 10
SC 200: Cloud PHP Server - 20
Manual Testing
SC 201: XSS - 25
SC 202: Shell Code Injection - 25
SC 203: SQL Injection - 35
SC 204: Local File Inclusion - 35
SC 205: Hardcoded Secrets - 15
SC 206: Integer Overflow - 15
Windows Server Setup
F 61: Google Cloud Windows Server - 15
SC 105: Building a Vulnerable Windows Server in the Cloud - 25
PMA 125: Installing Visual Studio 2022 - 10
Static Testing
SC 100: Installing the OWASP Juice Shop in the Cloud - 25
W 700: SonarQube Code Scanner - 15
SC 101: Scanning the OWASP Juice Shop with SonarQube - 10 + 10 extra
SC 110: Finding Security Issues with Codacy - 15
SC 111: Investigating Security Issues with Codacy - 20
SC 120: Finding Security Issues with Semgrep - 15
SC 130: Finding and Fixing Security Issues with Snyk - 25
Dynamic Testing
SC 300: OWASP ZAP - 45
Rust
R 10: Rust Basics, Overflows, & Injection - 35 extra
R 20: Dangling Pointers & Memory Leaks in Rust - 35 extra
Sodium
C 430: Private-Key Encryption With Sodium - (65 extra)
C 431: Public-Key Encryption With Sodium - (25 extra)
Scores from Spring 2024
Posted 10-19-24