DAY 2, 28 March
12:00 - 12:45

Security

Igor Uzhvenko
Technical Lead
ByteCode
Ukraine
Russian
For All

ABOUT THE SPEAKER

Ihor Uzhvenko is an information security specialist focused on implementing security mechanisms at all stages of software development (Secure SDLC).
He started his career at CERT-UA (Computer Emergency Response Team of Ukraine) and became an ideological follower of security in the digital environment.
Later he combined work as a Penetration Tester and Secure Development Consultant on different projects: from finance and cryptocurrency to healthcare and travel.
He started the ByteCode project with the aim of delivering business-efficient cybersecurity services.

Talk: Pentest Expectations

What are pentesters looking for, and what do customers wish to receive in their reports?
Examples of easy account compromise.
• Account Takeover
• Logic Bypass
• Remote Code Execution
• Easy Exploitation
What do pentesters investigate for the rest of the project time?
Classic OWASP checklist.
• XSS
• CSRF
• Session Fixation
• IDOR
• Information Disclosure
• Unlimited Email Spam
• ARP poisoning
• Mountable NFS volumes
What do pentesters still have to report when the system is almost safe?
• Versions
• Ciphers
• Headers
• Checklists
• False Positives
• Automatic Reports