Conference for professionals in the information technology industry

Ovechenko Kateryna

QA Coordinator
ITERA
Ukraine
Kiev


Talks

Internet of vulnerable things

06.07.2016

Today more and more smart devices are integrated into our lives. Every day these devices gather tons of personal information that is further processed and stored in the cloud. But how can one be sure that these devices don't have vulnerabilities and that our data is properly protected?

Let's follow the trends and talk about security of Internet of things. 

What will be discussed: 

- IoT-specific vulnerabilities 

- what is the difference between IoT security and common security testing? 

- what to start from and where to practice?

Audience level
Lightning Talk (20 min)

Fuzzing - leave hackers with nothing!

26.02.2015

Consider an integer in a program that stores the result of a user's choice between 3 questions. When the user picks one, the choice will be 0, 1 or 2, which makes three practical cases. But what if we transmit 3 or 255? If the default switch case hasn't been implemented securely, the program may crash and lead to classic security issues: an exploitable buffer overflow, DoS, etc.

Fuzzing is the art of automatically finding vulnerabilities by providing malformed or semi-malformed data as input to the program.

In the training I will explain how to apply this technique in practice and what preparations are required before starting, and I will show frameworks that help to automate this process.
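The three-choice integer from this abstract, as an added example (not taken from the talk or its materials): a resolver with an insecure `default` branch next to a hardened one, and an exhaustive fuzz loop over the one-byte input whose oracle flags out-of-range indexes without performing the read. All function names and the question table are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define N_QUESTIONS 3
static const char *const QUESTIONS[N_QUESTIONS] = {"Q1", "Q2", "Q3"}; /* constructed */
typedef int (*resolver_fn)(uint8_t choice, size_t *idx);

/* Insecure default: an unexpected value is trusted as a table index. */
static int resolve_unchecked(uint8_t choice, size_t *idx) {
    switch (choice) {
    case 0: *idx = 0; break;
    case 1: *idx = 1; break;
    case 2: *idx = 2; break;
    default: *idx = choice; break;
    }
    return 0;
}

/* Secure default: anything outside 0..2 is rejected and *idx is untouched. */
static int resolve_checked(uint8_t choice, size_t *idx) {
    switch (choice) {
    case 0: case 1: case 2: *idx = choice; return 0;
    default: return -1;
    }
}

/* Fuzz every one-byte input. The oracle counts accepted inputs whose index
 * lies outside the table; *first gets the smallest such input, or -1. */
static int fuzz_choice(resolver_fn resolve, int *first) {
    int findings = 0;
    *first = -1;
    for (int v = 0; v <= 255; v++) {
        size_t idx = 0;
        if (resolve((uint8_t)v, &idx) != 0) continue; /* rejected cleanly */
        if (idx >= N_QUESTIONS) {                     /* would read past the table */
            if (*first < 0) *first = v;
            findings++;
        }
    }
    return findings;
}

int main(void) {
    int first;
    int bad = fuzz_choice(resolve_unchecked, &first);
    printf("unchecked: %d inputs index past %s, first=%d\n", bad, QUESTIONS[N_QUESTIONS - 1], first);
    printf("checked: %d findings\n", fuzz_choice(resolve_checked, &first));
    return 0;
}
```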

Audience level
Workshop (40 min)

Security of user sessions in web-applications: practical examples

31.01.2014

"86% of all websites had at least one serious vulnerability" WhiteHat Security

Application vulnerabilities related to session management take 2nd place in the TOP 10 vulnerability list. With vulnerabilities in the session management mechanism, an attacker can compromise passwords or session tokens, or exploit other implementation flaws to impersonate another user.

During this master class we are going to:

- investigate in detail the web session and its attributes

- try the most well-known session vulnerabilities on live examples

- provide recommendations on how to prevent session vulnerabilities

- analyze several tools useful for security testing of sessions in web applications

The following vulnerabilities will be analyzed: Session fixation, Session hijacking, Cross-Site Request Forgery, Phishing.

This training will get you acquainted with the basics of web sessions and how they should be tested from a security perspective, and will provide you with the main knowledge to start testing in your web application.

Audience level
Workshop (1h 30 min)