Application Security Tips and Tricks
Application Security (AppSec) is one of the most important sets of processes focused on protecting applications from various kinds of security threats. AppSec enhances a product's maturity and lowers the expense of external security tests, making software more protected in general.
Sometimes people confuse QA testing and AppSec, but these are two completely different things. The short and simple explanation: QA is about whether software functions properly and does everything it needs to do; AppSec is about the software's vulnerabilities and mitigating them.
We start a deep dive into the most common and critical vulnerabilities that affect applications of all kinds, their discovery techniques, and mitigation strategies that will empower product engineering. The workshop is designed to be useful both for learners who are starting a bug hunting journey and for software engineers or penetration testers who want to dig deeper into application security topics.
During the workshop, you will research various software attack techniques, tools, and procedures to exploit vulnerabilities in different applications. We will set out on this path and go from zero knowledge about vulnerabilities to automation of the bug hunting routine.
This workshop is based on practical examples, real vulnerabilities and real vulnerability research tricks.
Sergey is obsessed with vulnerability research. He started as a developer many years ago and switched to the security area after several crashes of his own application. He was a malware analyst, web pentester and vulnerability researcher while working at Kaspersky and Sec-Consult. Nowadays he works for Amazon in AWS Security. Over his long career he has been credited with many CVEs. Sergey is a regular speaker at various security conferences.