»OWASP Top-10 A2: Broken Authentication« Svyatoslav Login; Talk (40 minutes)
Broken Authentication and what attack vectors it has.
»Application Threat Modeling« Vlad Styran; Talk (40 minutes)
In this talk, I am going to walk the audience through the Threat Modeling introduction. The program will consist of the overview of popular Threat Modeling methodologies and available tools.
»Email as an initial attack vector« Arthur Hil; Talk (40 minutes)
Email as an element of attack kill-chain. Some interesting examples of phishing emails.
»Building SQL firewall: insights from developers« Artem Storozhuk; Talk (40 minutes)
How SQL firewalls can help to protect databases from SQL injections: the main difference from WAFs, common usage scenarios, pros, and cons. Developing a SQL firewall is a hard task – we will share insights about parsing SQL protocols, matching rules, hidden dangers of logging, best of configuration...
»Web Application Firewall bypass techniques Workshop« Bohdan Lukin; Workshop (90 minutes)
A short demonstration of essential Web Application Firewall bypass techniques with 3 practical examples related to SQL Injection and XSS attacks.
»Introduction Istio Service Mesh« Stanislav Kolenkin; Talk (40 minutes)
We will talk about Service Mesh and Istio.
»Subdomain discovering as an essential part of the reconnaissance phase« Kostiantyn Sanduliak; Workshop (90 minutes)
In this presentation, I will talk about: DNS, DNS scraping, DNS enumeration, and subdomain takeover.