Santhosh Tuppad is an intrinsically motivated and passionate software tester whose specialty is security testing, alongside his love for exploratory testing and check automation. He became a hacker at the age of 16, has a variety of experiences through hacking, and loves to speak about his transformation from unethical hacker to ethical hacker. Having been an unethical hacker before becoming an ethical one, Santhosh knows how his enemies (blackhat hackers) function and how he can help companies safeguard their applications and make it highly difficult for blackhat hackers to compromise them.
Apart from this, Santhosh is also an OWASP Cheat Sheet Series contributor and likes to call himself “Privacy Fighter” because he cares.
KEYNOTE 01 – Most of the code is garbage on this planet. Let’s see why
Functionally working code is just not enough anymore.
I have been in the hacking arena for 22 years & my views about software are still absurd in terms of security, as they have been since I started. I unconventionally look at security.
Edward Snowden is admired and disliked at the same time for whatever he did. We hear criticisms such as, there is a right way of doing it, and he could have done it differently. Or, that is a sickening act by Snowden. Well, the revolution has never been straightforward.
All of us need secure applications for our clients. Sadly, we have fallen into the trap of shallow security testing and a lack of secure coding principles, for whatever reasons. By this, I mean most of the companies are super conventional in the way they manage security testing. And also, most of the security specialists and leaders in the security space lack a sense of security from a pragmatic perspective or an evil attitude to fight black-hat hackers. What we need is both offensive & defensive methods with a white-hat and black-hat hacker mindset working as a team.
Even today, out of 10 applications that I choose, I can hack at least 7 of them. It is just a matter of time and motivation for hackers to identify and exploit creatively. That’s garbage. Right?
In this talk, we will look into the bad traditions leading to the garbage code and what change we can bring in to eliminate the garbage for a secure tomorrow. I am confident about the audience enjoying this demonstration-based talk.
Shhhhhh… What happens in here stays in here!