• Infosec In the City (IIC)

Web Application Bug Hunting: Fundamentals and Learning Path — by Denis Makrushin

Updated: Jan 1

SINCON 2020 Conference Workshop Track


Day 2 (3 Jan 2021)

2pm—4pm

@ Workshop Room


[SINCON 2020 Conference Full Schedule]


Abstract

The process of web-endpoint discovery to pivoting in internal network via exploitation of web attacks could be automatized. During the daily routine bug hunters and security engineers have tons of useful tools and techniques that allow them to identify and bypass various protection technologies using in application security. During the workshop, you will research the web application attacks, tools, techniques and procedures to exploit web vulnerabilities. We will embark on the paths and go from zero knowledges about web vulnerabilities to automation of the bug hunting routine.


About Denis Makrushin

DENIS MAKRUSHIN is a security researcher and consultant focusing on vulnerability assessment and product security. Denis formerly worked for Ingram Micro as the Head of Application Security. He built and implemented a product security program for an enterprise-scale platform used by companies from the Fortune 100 list.


More recently, as a Security Researcher with the Global Research and Analysis Team at Kaspersky, he focused on vulnerability research and security assessment of emerging technologies.


Denis has trained and presented at many international conferences, including DEF CON, RSA Conference, Security Analyst Summit, and Infosecurity, as well as at multiple closed-door industry events. He holds a master's degree in Information Security from the National Research Nuclear University.

304 views0 comments