$2,299.00
Date | Day | Time | Duration |
22 November | Monday | 09:00 to 17:00 GST/GMT+4 | 8 Hours |
23 November | Tuesday | 09:00 to 17:00 GST/GMT+4 | 8 Hours |
Keeping software free of vulnerabilities is a cat-and-mouse game, because security bugs can hide in multiple layers of an application's software stack. Therefore we show techniques to discover bugs in source code, bytecode and native code, as needed in real life.
For the first part we’ll start with an introduction to the JVM platform and typical vulnerability types, then continue to learn about introspection technologies and tools to identify issues in source code and binaries. The techniques range from assisted source code reading and scanning tools to ultrafast fuzzing. After identifying vulnerabilities we’ll also discuss strategies to fix the discovered holes.
The second part starts by presenting the threat model of the Android platform and how Java coding can go wrong security-wise. Although we can reuse a couple of aspects and tools from the JVM part, there is a lot to discover when building the toolbox.
For both parts we will visit a large range of interesting CWE and CVE instances to direct the audience's attention to relevant issues and to learn to evaluate how bug patterns can impact the confidentiality, integrity and availability of your software.