Name: How to Find the Next Great Deserialization CVE
Start: 2016-10-13T15:30:00-0400
End: 2016-10-13T16:30:00-0400

Back To Schedule

How to Find the Next Great Deserialization CVE

The talk will generalize the recent spate of deserialization attacks, including a brief discussion of an originally authored exploit for a recently discovered CVE.

The commonalities between deserialization attacks will then be discussed, laying the framework for a "how to" guide on finding and exploiting deserialization vulnerabilities.

The talk will also explain the incredible difficulty faced when using traditional appsec defenses (input validation, signaturing) to stop these vulnerabilities, and explain free and open source options for builders to protect themselves from such attacks.

Speakers

Arshan Dabirsiaghi

Chief Scientist, Contrast Security

Arshan is an accomplished security researcher with over 10 years of experience advising large organizations on application security. Prior to Contrast Security, Arshan spent 8 years at Aspect Security in a research role where he used static and dynamic technology to perform security... Read More →

Thursday October 13, 2016 3:30pm - 4:30pm EDT
Grand South Renaissance Washington, DC Downtown Hotel 999 9th St NW, Washington, DC 20001

Tracks, Builder/Breaker

Attendees (48)

R
K
J
S
g
T
C
P
R
View All →

AppSec USA 2016

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Arshan Dabirsiaghi

Attendees (48)