Continuous Hacking
Omer Levi Hevroni at All The Talks 2020 - Security
There are so many sophisticated ways to exploit web applications, that it’s almost impossible for a developer to write completely secure code. But we can’t accept this situation. We can’t expose our users (and our user's data) to hackers.
So what we can do? We can switch from defense to offense. We can take hacking tools, used by malicious hackers, and use them to test our web application for security issues.
In this talk, we will take a vulnerable web application, and try to find as many vulnerabilities as we can - using only automated tools. I’ll discuss the vulnerabilities we find, explain why we should care - and how we can remediate it securely. All the tools I’ll use are tools you can start using today - to scan your applications and make sure you deploy more secure applications.
Omer Levi Hevroni
I’ve been coding since 4th grade when my dad taught me BASIC, and I got hooked. From that point, I learned to code in many programming languages (today my favorite is C#). I’m currently working at Soluto by Asurion, and coding is a huge part of my day job.
My passion for AppSec started by accident when I was offered the role of security champion. The AppSec journey was (and still is) fascinated, and taught me a lot. OWASP helped me a lot during this journey; This is why I decided to become a paying member and also leading OWASP Glue.
My current job is DevSecOps – helping the entire team to produce more secure software. Besides my job, I’m also giving a lot of talks all over the world, and heavy OSS contributor – mainly to Kamus, a secret encryption solution for Kubernetes platform.
When I’m not working – I’m enjoying the company of my two beloved kids.
So what we can do? We can switch from defense to offense. We can take hacking tools, used by malicious hackers, and use them to test our web application for security issues.
In this talk, we will take a vulnerable web application, and try to find as many vulnerabilities as we can - using only automated tools. I’ll discuss the vulnerabilities we find, explain why we should care - and how we can remediate it securely. All the tools I’ll use are tools you can start using today - to scan your applications and make sure you deploy more secure applications.
Omer Levi Hevroni
I’ve been coding since 4th grade when my dad taught me BASIC, and I got hooked. From that point, I learned to code in many programming languages (today my favorite is C#). I’m currently working at Soluto by Asurion, and coding is a huge part of my day job.
My passion for AppSec started by accident when I was offered the role of security champion. The AppSec journey was (and still is) fascinated, and taught me a lot. OWASP helped me a lot during this journey; This is why I decided to become a paying member and also leading OWASP Glue.
My current job is DevSecOps – helping the entire team to produce more secure software. Besides my job, I’m also giving a lot of talks all over the world, and heavy OSS contributor – mainly to Kamus, a secret encryption solution for Kubernetes platform.
When I’m not working – I’m enjoying the company of my two beloved kids.