Mohan Kallepalli

Security Analyst, Flipkart

About speaker

Mohan Kallepalli currently works at Flipkart, where he is a Security Engineer; he is also a programmer at leisure. He has presented at Black Hat Arsenal USA 2018 and conducted a CTF at Nullcon 2017. On the one hand he would love to report bugs to companies, but writing exploits for them when the companies don't take them seriously is a much more interesting can of worms.
November 16
16:00 — 17:00
Main Track
English
The current approach to teaching application security involves blindly attacking intentionally vulnerable applications (such as DVWA or WebGoat). This approach has the inherent drawback of never guiding users on how to fix the vulnerabilities they exploit. As a result, what developers and students take away is limited to identification and exploitation.

In this talk, we introduce a new hands-on method for teaching and learning security that covers offence and defence in one place, with equal focus on both. To support it, we have created a framework that uses Docker containers as a sandbox environment: users are given vulnerable source code, which they fix and submit. The submitted code is then executed automatically inside the container, and the results are analyzed through a series of unit tests.

Kurukshetra (the framework we are introducing) would help companies immensely by teaching developers secure coding practices effectively, which in turn would reduce the number of vulnerabilities in the long run.
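
The grading step described in the abstract, where a submitted fix is judged by unit tests, can be sketched as follows. This is an added example, not Kurukshetra's own code: the challenge, the function names and the sample data are assumptions, and the Docker sandbox that would wrap the run is omitted so the block runs offline.

```python
import sqlite3

def make_db():
    # Constructed sample data for a hypothetical login challenge.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db

def login_vulnerable(db, name, password):
    # Challenge code as handed to the learner: input is concatenated into SQL.
    q = "SELECT 1 FROM users WHERE name = '%s' AND password = '%s'" % (name, password)
    return db.execute(q).fetchone() is not None

def login_fixed(db, name, password):
    # A learner's submission: parameterized query, input is never parsed as SQL.
    q = "SELECT 1 FROM users WHERE name = ? AND password = ?"
    return db.execute(q, (name, password)).fetchone() is not None

def grade(login):
    """Run functional and security checks against a submitted login function."""
    checks = {
        # Functional checks: the fix must not break legitimate behaviour.
        "valid_login_works": lambda db: login(db, "alice", "s3cret") is True,
        "wrong_password_rejected": lambda db: login(db, "alice", "nope") is False,
        # Security checks: hostile input must be rejected without crashing.
        "injection_rejected": lambda db: login(db, "alice", "' OR '1'='1") is False,
        "quote_in_input_handled": lambda db: login(db, "o'brien", "x") is False,
    }
    results = {}
    for name, check in checks.items():
        try:
            results[name] = bool(check(make_db()))  # fresh database per check
        except Exception:
            # A crash on hostile input counts as a failed check, not a pass.
            results[name] = False
    return results

def passed(login):
    # A submission is accepted only if every check passes.
    return all(grade(login).values())

if __name__ == "__main__":
    for fn in (login_vulnerable, login_fixed):
        print(fn.__name__, grade(fn))
```

Pairing functional checks with security checks is what keeps a learner from "fixing" the challenge by rejecting every login, and it is the part of the exercise that teaches the defensive side.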