Application Security (AppSec) is one of the most important sets of processes focused on protecting applications from various kinds of security threats. AppSec enhances a product’s maturity and lowers the expense of external security tests, making software more protected in general.
Sometimes people confuse QA testing and AppSec, but these two are completely different things. The short and simple explanation: QA is about whether software functions properly and does everything it needs to do; AppSec is about the software’s vulnerabilities and mitigating those vulnerabilities.
We start a deep dive into the most common and critical vulnerabilities that affect applications of all kinds, their discovery techniques, and mitigation strategies that will empower product engineering. The workshop is designed to be useful both for learners who are starting a bug hunting journey and for software engineers or penetration testers who want to dig deeper into application security topics.
During the workshop, you will research various software attack techniques, tools, and procedures to exploit vulnerabilities in different applications. We will go from zero knowledge about vulnerabilities to automation of the bug hunting routine.
This workshop is based on practical examples, real vulnerabilities and real vulnerability research tricks.
Vladimir Dashchenko is a security expert at Kaspersky ICS CERT. Previously he worked as a vulnerability research team leader and as a threat intelligence team leader. He started his career as a security engineer at the Russian Federal Space Agency. He is also a proud member of the BEER-ISAC and RUSCADASEC communities. Vladimir is also a regular speaker at various security conferences, such as SAS, CS3STHLM, ZeroNights, OffZone, Positive Hack Days, BSides, etc.