2025-08-19 –, Room 1.20 (Ground Floor, Shannon)
Security research is crucial in IT - considering the fast-paced growth of cybercrime, the prevalence of nation-state attacks, or the 40k CVEs reported last year. Yet, performing one’s own security research is challenging. This talk explores fundamental approaches and techniques to discover vulnerabilities in software. Participants will exercise static analysis on a vulnerable Python application to apply new knowledge. The goal is to understand how to perform security research.
Participants of this tutorial will gain a solid foundation in software analysis, with a strong emphasis on security. We will explore the significance of security research in software development and consider various resources and tools to discover vulnerabilities.
To illustrate these concepts, we’ll perform static analysis with Bandit on a vulnerable Python library as a case study. Additionally, we’ll understand different approaches and techniques to security-oriented analysis. Participants will gain essential knowledge to identify vulnerabilities, find potential targets for analysis, and apply research methodology.
This tutorial will cover
* Introduction to security research
* Automated software analysis - SAST vs DAST
* Research methodologies and resources
* Basics of static code analysis
* Practical examples using vulnerable software to test acquired skills
Key takeaways
* Basic concepts related to vulnerability research
* Software analysis fundamentals
* Security analysis tools
none
Expected audience expertise: Python:some
Supporting material: Supporting material Your relationship with the presented work/project:Original author or co-author
Web & mobile security researcher with a few years of experience. MSc in computer sciences. Currently working on network security, including kubernetes infrastructure. In free time doing hackthebox, sharing knowledge and analysing applications in Apple ecosystem.