[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Taler] Security Workshop on Merchant Integration starts on Monday, 19.7
|
From: |
Özgür Kesim |
|
Subject: |
[Taler] Security Workshop on Merchant Integration starts on Monday, 19.7. |
|
Date: |
Sat, 17 Jul 2021 21:03:11 +0200 |
Hello Taler-team,
on Monday 19.7. begins an online-workshop - daily for a whole week - on
the security of the Taler Merchant integration. The workshop is
held/organized by Code Blau GmbH (my company) and is open to all
developers of GNU Taler and especially for C-programmers of the merchant
code.
The workshop will start at 13:00 CET and might go up to 21:00 CET -
depending on our mental capacity (will have breaks). We can then also
negotiate the schedule for the rest of the week on Monday.
Here are the goals and the rough agenda for the workshop:
- Subject matter is the code in GNU Taler related to merchant
functionality: backend-services specifically for the merchant and code
for integration with the infrastructure of the merchant.
- The goal is to identify potential risks in the architecture and the
code, find mitigations for them and generally improve the security
posture - where possible - with a focus on the merchant system and its
integration in the merchant's environment.
- The development team from Taler System SA will (hopefully :)) give us
an introduction into the merchant system(s) and the related code base:
its components, the software- and IT-architecture and the protocols;
we will create an overview of all data defined in the system, their
particular need for protection and privacy, their flow between
components and other systems and an inventory of defined roles and
permission model for authentication and access control in all parts of
the system.
- With this knowledge - and while building it - we will try to find
attack vectors, weaknesses in the code base and also discuss potential
mitigations. Here, also best-practices in C-programming will be
presented and discussed where applicable.
The overall structure of the workshop will be informal, yet our work
thorough and with due-dilligence. More like exploring the unknown
territory in a role-player game, rather than following a pre-calculated
trajectory to Mars.
The virtual space-time coordinates are:
Start: Monday, 19.7. 13:00 CET
Jitsi: https://pipe.codeblau.de/taler
PW: workshop
(if I manage to set it in time)
Please drop me a note if you want to participate. That way I would
know how many participants to expect and wait for... and maybe sent
you a different password for our Jitsi-server to your email-address
:)
Bring your favourite editor! Hope to see you there!
Cheers,
Özgür
--
Code Blau GmbH fon: +49 30 650 04 524
Klemkestr. 39 fax: +49 30 551 45 804
13409 Berlin http://www.codeblau.de/
Geschäftsführer: Özgür Kesim, Felix von Leitner
Amtsgericht: Charlottenburg Berlin
Handelsregister: HRB 84777
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Taler] Security Workshop on Merchant Integration starts on Monday, 19.7.,
Özgür Kesim <=