OWASP AppSec Israel 2017: Bleeding Secrets!

Back To Schedule

Bleeding Secrets!

Feedback form is now closed.

We do our best to protect the servers' information using security controls like TLS communication, Firewall and advanced security cloud services, but then they bleed secrets (arbitrary pieces of memory are leaked to a potential attacker).

This talk observes three zero days found within security solutions (two from this year) that can be the cause for data breaches like the one from May 31 where OneLogin was breached and encrypted secrets were stolen in clear text.
We will review code, understand the vulnerabilities, assess the root cause, challenge a few assumptions (on open-source, security solutions and others) and review some best practices that can help prevent such vulnerabilities.

Speakers

Ofer Rivlin

Product Security Lead, CyberArk

Leading the product security at CyberArk. 10 years of experience as a cybersecurity architect of enterprise, cloud, connected cars and security products, as well as a senior security researcher. 10 years of experience as a developer and architect before entering the security domain.Led... Read More →

Bleeding Secrets ppsx

Wednesday October 18, 2017 11:05 - 11:50
Main Auditorium

Builder

Technical Level All

Attendees (138)

y
B
Y
B
T
Y
N
M
T
M
g
A
R
M
D
E
M
D
N
M
E
R
View All →

OWASP AppSec Israel 2017

Log in to save this to your schedule, view media, leave feedback and see who's attending!

Ofer Rivlin

Attendees (138)