Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Thursday, October 13 • 3:30pm - 4:30pm
How to Find the Next Great Deserialization CVE

Sign up or log in to save this to your schedule and see who's attending!

The talk will generalize the recent spate of deserialization attacks, including a brief discussion of an originally authored exploit for a recently discovered CVE. 

The commonalities between deserialization attacks will then be discussed, laying the framework for a "how to" guide on finding and exploiting deserialization vulnerabilities.

The talk will also explain the incredible difficulty faced when using traditional appsec defenses (input validation, signaturing) to stop these vulnerabilities, and explain free and open source options for builders to protect themselves from such attacks.

Speakers
avatar for Arshan Dabirsiaghi

Arshan Dabirsiaghi

Chief Scientist, Contrast Security
Arshan is an accomplished security researcher with over 10 years of experience advising large organizations on application security. Prior to Contrast Security, Arshan spent 8 years at Aspect Security in a research role where he used static and dynamic technology to perform security assurance work, including code reviews, architecture reviews and penetration testing. From his experience at Aspect Security, Arshan quickly discovered that... Read More →


Thursday October 13, 2016 3:30pm - 4:30pm
Grand South Renaissance Washington, DC Downtown Hotel 999 9th St NW, Washington, DC 20001

Attendees (48)