research-school-2024/writeups/subjects.md
2024-12-05 00:48:27 +02:00

Subjects (2024-11-04)

  1. Understanding web vulnerabilities
    • Exploration areas:
      1. Analyze specific vulnerabilities such as SQL injection, XSS, RCE, and zero-day vulnerabilities: how they are discovered and their implications for web security.
      2. Advanced persistent threats: how they target the web over time and how they are mitigated.
    • Improvement opportunities:
      1. Security research and reporting: understand how security research is conducted and how it is reported.
      2. Understand how to detect and mitigate web vulnerabilities.
  2. Dynamic security testing
    • Exploration areas:
      1. Understand how fuzzing works, fuzzing techniques, and how fuzzing can be used to detect web vulnerabilities by passing random data to inputs.
      2. Explore how behavioural analysis can be used to detect anomalies in web application traffic which may indicate an attack.
    • Improvement opportunities:
      1. By understanding how fuzzing works, we can implement a fuzzer helping to detect anomalies, edge cases, and unexpected behaviours.
      2. Implement an anomaly detection system using statistical methods or machine learning to monitor and report web traffic in real-time.
  3. Secure software and library development
    • Exploration areas:
      1. Explore how security can be incorporated in the development lifecycle of a library and software, and how to incorporate best security practices at all stages from planning to deployment.
      2. Understand how to model threats and mitigate them. Understand modeling strategies and how to detect potential threats early in the development process.
    • Improvement opportunities:
      1. Create a comprehensive security checklist tailored for projects using various libraries.
      2. Organise best security models and threat analysis for secure programming and practices in future projects.
  4. Cryptography in web security
    • Exploration areas:
      1. Understand and investigate how modern web applications utilise web cryptography APIs and how they can be used for secure and private communication between the server and client.
      2. Explore the implications of quantum computing on current cryptographic practices and what future-proofing measures can be taken.
    • Improvement opportunities:
      1. Understand how connections can be secured at a low level using protocols such as TLS.
      2. Research post-quantum cryptography and implications for modern applications.
  5. Ethical hacking methodologies
    • Exploration areas:
      1. Understand how red team vs. blue team strategies can be applied to enhance web security in various web contexts such as APIs, renderers, and server software.
      2. Learn about different methodologies used in penetration testing, including reconnaissance, scanning, exploitation, and reporting.
    • Improvement opportunities:
      1. Engage in red/blue team exercises after understanding the methodologies, trying to explore best practices in coding to protect yourself from threats.
      2. After conducting tests, create detailed reports outlining findings, methodologies used, and recommended mitigations.

We ended up choosing #3 during our meeting on 2024-11-04.