OWASP AppSec Israel 2017: Bleeding Secrets!

View analytic

Bleeding Secrets!

Feedback form is now closed.

We do our best to protect the servers' information using security controls like TLS communication, Firewall and advanced security cloud services, but then they bleed secrets (arbitrary pieces of memory are leaked to a potential attacker).

This talk observes three zero days found within security solutions (two from this year) that can be the cause for data breaches like the one from May 31 where OneLogin was breached and encrypted secrets were stolen in clear text.
We will review code, understand the vulnerabilities, assess the root cause, challenge a few assumptions (on open-source, security solutions and others) and review some best practices that can help prevent such vulnerabilities.

Speakers

Ofer Rivlin

Product Security Lead, CyberArk

Security Architect and Researcher. | Leading the R&D product security at CyberArk | Previously a security architect of enterprise and cloud solutions at SAP and General Motors, as well as a senior security researcher (Mobile, Java, Android and IOS) and a senior software archi... Read More →

Wednesday October 18, 2017 11:05 - 11:50
Main Auditorium

Builder

Technical Level All

Attendees (140)

y
B
Y
L
B
T
Y
N
M
T
M
g
A
R
M
D
E
M
D
N
M
E
R
R
View All →

OWASP AppSec Israel 2017

Log in to save this to your schedule and see who's attending!

Ofer Rivlin

Attendees (140)

Recently Active Attendees