DAY 3, 23 MAY
12:00 - 12:45
Security
ABOUT THE SPEAKER
Ihor Uzhvenko is Information Security specialist focused on security mechanisms implementation on all software development stages (Secure SDLC).
Started career at CERT-UA (Computer Emergency Response Team of Ukraine) and became ideological follower of security in the digital environment.
Later combined work as Penetration Tester and Secure Development Consultant at different projects: from finances and cryptocurrency to healthcare and travels.
Started project ByteCode with aim to conduct business efficient Cybersecurity Services.
Talk: Pentest Expectations
What do pentesters looking for and what customers wish to receive in their reports?
Examples of easy account compromise.
• Account Takeover
• Logic Bypass
• Remote Code Execution
• Easy Exploitation
What do pentesters investigating rest of the project time?
Classic OWASP checklist.
• XSS
• CSRF
• Session Fixation
• IDOR
• Information Disclosure
• Unlimited Email Spam
• ARP poisoning
• Mountable NFS volumes
What do pentesters still have to report when system is almost safe?
• Versions
• Ciphers
• Headers
• Checklists
• False Positives
• Automatic Reports