Developer and Application Security expert at Sberbank. Works on automating
AppSec practices. In spare hours, researches various areas
of cybersecurity.
Rewrite code for each update of your favorite framework, or keep track
of the NIST vulnerability database? Delete a vulnerable component from the
internal repository, or work out whether the vulnerability is actually applicable to us?
How do you start scanning 500 kkloc and keep teams informed about vulnerabilities
in the components they use?
We'll talk about our approach to open-source security: how we reuse
data from other AppSec practices, how we adapt tools to our needs, and
what we find lacking in modern OSS scanners.
If a security researcher is bored in a hotel at night,
it's time for vulnerabilities!
The story is about a peculiarity of authentication in an information and
communication system embedded in TVs in some hotels
worldwide. This peculiarity allows an adversary to gain access to the user panel
of an arbitrary user, which discloses some personal data and makes it possible to interact
with the kitchen and hotel administration.