Welcome to OWASP AppSec 2018 USA we look forward to seeing you in San Jose, CA
Back To Schedule
Monday, October 8 • 9:00am - Wednesday, October 10 • 5:00pm
3-day training: Intro to Hacking Blockchain Applications and Smart Contracts LIMITED

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Limited Capacity seats available

As Blockchain platforms become more and more developed, many companies are beginning to investigate how this emerging technology might affect their business. In this three day course we dive deep into state of the art methodologies used when developing smart contracts for Blockchain enabled Decentralized Applications (DApps) using Web3 technology. We focus the training on the Ethereum Blockchain and the Solidity language, as these are currently the most used platforms for building decentralized applications.

The course will be a tutorial that guides participants through the Solidity programming language and its constructs so that students will be capable of developing these applications themselves and identifying the most common vulnerabilities on this platform.

Since the consequences of insecure smart contracts are so public and costly, often resulting in immediate theft of funds, we focus the course primarily on common vulnerabilities found in this platform and how to prevent them.

We will be using our custom Blockchain CTF platform for exercises and demos. With this platform, we have constructed a series of vulnerable smart contracts and DApps with real-life use cases, ranging from decentralized trust funds and open source lottery systems, to ICOs and automated royalty agreements. Each of these applications contain a vulnerability commonly found in smart contracts. Participants can practice exploiting these bugs to steal fake crypto-currencies and win points on a leaderboard.

This platform contains challenges that demonstrate many of the common vulnerabilities found in Solidity smart contracts, including the following:

- Reentrancy
- Integer Underflows/Overflows
- Predictable Randomness
- Insecure Authorization
- Unchecked Low Level Function Calls
- Denial of Service

Exploiting these vulnerabilities will require a deep understanding of the following concepts, all of which will be covered and demonstrated in this course.

* Identifying and avoiding client-side protections
* Communicating with smart contracts directly using a tool like MyEtherWallet
* Understanding and constructing an ABI
* Code reviewing Solidity projects for vulnerabilities
* Writing and deploying attack contracts written in Solidity on the test network

avatar for Mick Ayzenberg

Mick Ayzenberg

Senior Security Engineer, Security Innovation

Monday October 8, 2018 9:00am - Wednesday October 10, 2018 5:00pm PDT