View analytic
Wednesday, October 18 • 11:05 - 11:50
Bleeding Secrets!

Log in to save this to your schedule and see who's attending!

Feedback form is now closed.
We do our best to protect the servers' information using security controls like TLS communication, Firewall and advanced security cloud services, but then they bleed secrets (arbitrary pieces of memory are leaked to a potential attacker).

This talk observes three zero days found within security solutions (two from this year) that can be the cause for data breaches like the one from May 31 where OneLogin was breached and encrypted secrets were stolen in clear text.
We will review code, understand the vulnerabilities, assess the root cause, challenge a few assumptions (on open-source, security solutions and others) and review some best practices that can help prevent such vulnerabilities.

avatar for Ofer Rivlin

Ofer Rivlin

Product Security Lead, CyberArk
Security Architect and Researcher. | Leading the R&D product security at CyberArk | Previously a security architect of enterprise and cloud solutions at SAP and General Motors, as well as a senior security researcher (Mobile, Java, Android and IOS) and a senior software archi... Read More →

Wednesday October 18, 2017 11:05 - 11:50
Main Auditorium
  • Technical Level All