Skip Main Navigation
Page Content

Save This Event

Event Saved

ISSA Portland - September - Hacking a Hackathon

ISSA Portland Chapter

Thursday, September 14, 2017 from 11:30 AM to 1:00 PM (PDT)

Ticket Information

Ticket Type Sales End Price Fee Quantity
ISSA Members (Active)   more info Sep 11, 2017 $10.00 $0.00
ISSA Non-Members   more info Sep 11, 2017 $25.00 $0.00
ISSA Door Price Sep 13, 2017 $30.00 $0.00

Who's Going

Loading your connections...

Share ISSA Portland - September - Hacking a Hackathon

Event Details

Come Join us for our Sepetember Meeting: Hacking a Hackathon

From: 11:30 am to 1:00 pm

Speaker:Alexei Kojenov & Alex Ivkin

 

Speaker Bio:

Alexei Kojenov is a Senior Application Security Engineer with years of prior software development experience. During his career with IBM, he gradually moved from writing code to breaking code. Since late 2016, Alexei has been working as a consultant at Aspect Security, helping businesses identify and fix vulnerabilities and design secure applications.

Alex Ivkin is a senior security architect with experience in a broad array of computer security domains, focusing on Identity and Access Governance (IAG/IAM), Application Security, Security Information and Event management (SIEM), Governance, Risk and Compliance (GRC). Throughout his consulting career Alex has worked with large and small organizations to help drive security initiatives and deploy various types of enterprise-class identity management and application security systems. Alex is an established and recognized security expert, a speaker at various industry conferences, holds numerous security certifications, including CISSP and CISM, two bachelor’s degrees and a master’s degree in computer science with a minor in psychology.

 

Abstract:

Hacking a Hackathon

All modern software, but the most trivial one, relies on common libraries to perform routine work. Your software may be bastion of security, exhaustively tested and evaluated, but once a vulnerability is discovered in a library you depend on, all bets are off. These large and pervasive vulnerabilities quickly become popular targets, exploited by everybody from script kiddies, to professional hackers, to state actors. It is no surprise that the use of vulnerable libraries is included in the OWASP Top 10 list. The Australian Signals Directorate (ASD) lists patching operating systems and applications as two of their top four strategies to mitigate security incidents!

During a recent hacking game, we've identified and exploited a vulnerability not anticipated by the developers. One little crack in a widely used library gave us the footing we needed to construct an attack chain of remote code execution, file upload, data exfil, source code disassembly, and branching into a private network, all despite extremely high level of hardening on the target from unintended attacks. We'll share with you how a safe and fun library exploitation can be in the confines of a hacking game, and how there are serious implications for your corporate applications where the stakes are much higher.

Have questions about ISSA Portland - September - Hacking a Hackathon? Contact ISSA Portland Chapter

Save This Event

Event Saved

When & Where


Portland Building
1120 SW 5th Ave
Portland, OR 97204

Thursday, September 14, 2017 from 11:30 AM to 1:00 PM (PDT)


  Add to my calendar

Organizer

ISSA Portland Chapter

http://portland.issa.org/

 

The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications and peer interaction opportunities that enhance the knowledge, skill and professional growth of its members.

With active participation from individuals and chapters all over the world, the ISSA is the largest international, not-for-profit association specifically for security professionals. Members include practitioners at all levels of the security field in a broad range of industries, such as communications, education, healthcare, manufacturing, financial and government.

The primary goal of the ISSA is to promote management practices that will ensure the confidentiality, integrity and availability of information resources. The ISSA facilitates interaction and education to create a more successful environment for global information systems security and for the professionals involved.

  Contact the Organizer
ISSA Portland - September - Hacking a Hackathon
Things to do in Portland, OR Networking

Please log in or sign up

In order to purchase these tickets in installments, you'll need an Eventbrite account. Log in or sign up for a free account to continue.