Hacking, Hardening and Securing: An overview for Developers

Workshops OSI 2018


Speaker/Instructor: Kaiwan N Billimoria

About: Kaiwan taught himself BASIC programming on his Dad's office IBM PC-XT when he was in the 9th grade (back in 1983). The urge to learn, hack and master at the level of the “bare-metal” was born there! He is also founder of kaiwanTECH which provides world class training, workshops and consulting services in the Linux systems domain.

Workshop Code: WS 01

Date: 11th October 2018

Time: 03:30 PM to 06:30 PM

Venue: Workshop Room 2

Fee: Rs. 2999/- (Limited seats available)

Summary of the workshop

The phenomenal rise in technology, and especially in software-driven products (domains like networking, telecom, embedded-automotive, infotainment, and especially now IoT, ML, AI), literally begs for better security in end products. Hackers currently have a field day and are only getting better at it, while product developers lag behind. Not a good thing. This workshop is geared towards helping participants understand why and where software vulnerabilities exist, both while programming and after; which OS hardening techniques are available; and what tools and methodologies help prevent and mitigate security issues.

The workshop essentially consists of 3 parts:

  • Part 1 : Security/Hacking Intro
  • Part 2 : Technical: deep dive into software vulnerabilities, their root causes, process stack
  • Part 3 : Technical: Modern OS Hardening Countermeasures (especially on Linux).

Who’s Your Target Audience?

  • Part 1 : Any IT professional will benefit from this
  • Part 2 & Part 3 : will really benefit folks with exposure to systems programming with ‘C’ / OS developers (knowledge of basic 'C'/C++, OS basics). In general, people with an interest in security will find Part 1 useful; software developers (biased towards ‘C’/C++) will find all parts useful.

Benefits/Takeaways of this workshop for the attendees

  • 1. Eye opener to the need to design and implement software with security in mind
  • 2. Current state of security, especially wrt the Linux ecosystem
  • 3. Current technical tools to make use of during product development
  • 4. Importantly, on the Linux OS, what hardening countermeasures could (and should) be made.

Who can attend this workshop?

  • 1. IT managers & heads
  • 2. IoT Solution Providers
  • 3. Software developers (Mobile, Web and apps)

Pre-requisites to attend the workshop

  • Part 1 : no prerequisites (besides being in the industry :-))
  • Part 2 and Part 3 : very technical in content; will really benefit folks with exposure to systems programming / OS developers (knowledge of 'C'/C++, OS basics, Linux experience).

List of topics covered in the proposed workshop

The workshop session is divided into three parts:

  • Part 1 :
    • 1. Terminology
    • 2. Current State of Security
  • Part 2 :
    • 1. Tech Prelim: the process stack
    • 2. BoF (Buffer Overflow) Vulnerabilities
    • 3. Demo of a BoF on an ARM VM
  • Part 3 :
    • 1. Modern OS Hardening Countermeasures
    • 2. State of Linux OS in particular
    • 3. Q&A