BEGIN:VCALENDAR
PRODID:-//vBulletin 6//EN
VERSION:2.0
CALSCALE:GREGORIAN
BEGIN:VEVENT
UID:5524bbf4-f2b1-4d32-928f-c670d2ce97b8
DTSTAMP:20260608T202744Z
SUMMARY:SCAGoat - Exploiting Damn Vulnerable SCA Application : Prashant Ven
 katesh : Hare Krishna Rai
DESCRIPTION:Title: SCAGoat - Exploiting Damn Vulnerable SCA Application\nPr
 esenter: Prashant Venkatesh\nCo-Presenter: Hare Krishna Rai\nLocation: W30
 5\nDay\,Time: Fri Aug 9\, 2PM - 3:45PM\nAudience: Security Research\, Sec
 urity Engineers\, DevOps\nProject: https://github.com/harekrishnarai/Damn-
 vulnerable-sca\n\nAbstract:\nSCAGoat is a deliberately insecure web applic
 ation designed for learning and testing Software Composition Analysis (SCA
 ) tools. It offers a hands-on environment to explore vulnerabilities in No
 de.js and Java Springboot applications\, including actively exploitable CV
 Es like CVE-2023-42282 and CVE-2021-44228 (log4j). This application can be
  utilized to evaluate various SCA and container security tools\, assessing
  their capability to identify vulnerable packages and code reachability. A
 s part of our independent research\, the README includes reports from SCA 
 tools like semgrep\, snyk\, and endor labs. Future research plans include 
 incorporating compromised or malicious packages to test SCA tool detection
  and exploring supply chain attack scenarios.\n\nBios:\n* Presenter:\nPras
 hant Venkatesh is an information security expert with over 20 years of exp
 erience. He presently works as Manager\, Product Security at an ecommerce 
 company. Prashant is an enthusiastic participant in the field who consiste
 ntly coordinates\, reviews papers\, and presents his work at numerous Info
 Sec conferences\, including Blackhat Nullcon and c0c0n. He is also active 
 through the OWASP Bay Area chapter Leadership and is co-founder of the ann
 ual Seasides Conference in India.\n* Co-Presenter:\nAs a Product Security 
 Engineer\, Hare Krishna Rai's passion for cybersecurity drives him to exce
 l in various areas. He specializes in conducting penetration testing\, act
 ively participates in security Capture The Flag (CTF) competitions\, and p
 erforms code reviews to ensure secure code development. His expertise exte
 nds to leveraging Static Application Security Testing (SAST) techniques in
  languages like Java\, Python\, JavaScript\, JSP\, among others.
URL:https://forum.defcon.org/node/249617
DTSTART:20240809T220000Z
DTEND:20240809T234501Z
LOCATION:W305
END:VEVENT
END:VCALENDAR
