

Sprint26: Hardening the Build
Quality and security are not features—they are systemic properties that emerge from how every single line of code is written. While the previous session gave us the adversarial mindset, this session puts that mindset to work. We are moving from theory to execution, auditing and hardening the Zetu codebase against the exact attacks that plague production fintech in the real world. This is the session where our software earns the right to handle actual user funds.
In this high-stakes finale to our core engineering arc, we dive deep into SWEBOK Chapter 13 (Software Security), anchored by the brand-new OWASP Top 10:2025 standards, NIST SP 800-63, and the Kenya Data Protection Act (DPA) 2019.
What we’ll cover:
The OWASP Top 10:2025 Landscape: A breakdown of the newly updated vulnerabilities biting fintech hardest—specifically the massive shifts in Security Misconfiguration, Broken Access Control, and Mishandling of Exceptional Conditions.
Four Uncompromising Patterns: Security habits you must be able to write from memory: disciplined input validation, bulletproof authentication, first-class authorization, and zero accidental data exposure.
Fintech Threat Modeling: Facing the threats unique to our ecosystem—M-Pesa callback spoofing, double-debits through unhandled retries, and race conditions during payouts.
The Regulatory Reality: Navigating the Kenya Data Protection Act 2019, ODPC enforcement actions, and the strict 72-hour breach notification window. Learn how "best practice" patches become legal prerequisites.
The Codelab: We are putting the Zetu codebase under a rigorous production-grade security audit. Together, we will:
Conduct a live vulnerability assessment using an adversarial worksheet to locate and patch three critical flaws (SQL injection, exposed secrets, and improper auth).
Write regression tests for every single patch to prove the vulnerability can never return.
Implement zero-trust, centralized input validation across all endpoints using advanced NestJS ValidationPipe configurations and typed DTOs.
Audit our payment architecture against fintech threats to produce /docs/security/mpesa-review.md—the exact documentation the ODPC expects to see in an audit.
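As an added example, not code from the Zetu project, here is a standalone TypeScript sketch of two of the patterns above: strict whitelist validation of an inbound payment callback (the behaviour of NestJS ValidationPipe with whitelist and forbidNonWhitelisted enabled, reimplemented without the framework so it runs on its own) and an idempotency check so a retried callback cannot credit an account twice. The payload shape, field rules, sample values and class names are assumptions for illustration, not M-Pesa's real callback schema.

```typescript
// Added example (not the course's Zetu code). The payload shape and field
// rules below are assumed for illustration, not M-Pesa's actual schema.
type CallbackDto = { transactionId: string; amount: number; phone: string };

const ALLOWED_KEYS = new Set<string>(["transactionId", "amount", "phone"]);

// Mirrors ValidationPipe({ whitelist: true, forbidNonWhitelisted: true }):
// unknown properties are rejected rather than silently dropped, and every
// expected field is type- and format-checked before the handler sees it.
function validateCallback(raw: unknown): CallbackDto {
  if (typeof raw !== "object" || raw === null) throw new Error("payload must be an object");
  const obj = raw as Record<string, unknown>;
  for (const k of Object.keys(obj)) {
    if (!ALLOWED_KEYS.has(k)) throw new Error(`unexpected property: ${k}`);
  }
  const { transactionId, amount, phone } = obj;
  if (typeof transactionId !== "string" || !/^[A-Z0-9]{6,20}$/.test(transactionId)) {
    throw new Error("invalid transactionId");
  }
  // Assumed rule: whole positive KES only (a float or negative amount is hostile input).
  if (typeof amount !== "number" || !Number.isInteger(amount) || amount <= 0) {
    throw new Error("invalid amount");
  }
  // Assumed rule: Kenyan MSISDN in international format, 254 + 9 digits.
  if (typeof phone !== "string" || !/^254\d{9}$/.test(phone)) throw new Error("invalid phone");
  return { transactionId, amount, phone };
}

// Ledger keyed by transactionId: a retried callback is acknowledged but not
// credited a second time, which closes the double-credit path that unhandled
// retries open. In production the "seen" set must be a database unique
// constraint on transactionId, not in-process memory, so that two workers
// racing on the same callback cannot both insert it.
class PaymentLedger {
  private readonly seen = new Map<string, number>();
  private balance = 0;

  handleCallback(raw: unknown): "credited" | "duplicate" {
    const dto = validateCallback(raw);
    if (this.seen.has(dto.transactionId)) return "duplicate";
    this.seen.set(dto.transactionId, dto.amount);
    this.balance += dto.amount;
    return "credited";
  }

  getBalance(): number {
    return this.balance;
  }
}
```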