Arcane Web and Mobile Application Vulnerabilities | SANS@MIC Talk

Video Link: https://www.youtube.com/watch?v=uj5grEtXfh4



Duration: 1:10:12


In this presentation, Bojan Zdrnja, senior SANS Internet Storm Center handler and CTO of the Croatian information security company INFIGO IS, will go through some uncommon but nevertheless devastating web and mobile application vulnerabilities.

Bojan's team performs almost 200 application penetration tests per year and finds a lot of critical vulnerabilities that are often overlooked not only by developers, but also by penetration testers.

We will not cover the typical, common vulnerabilities such as XSS, SQL injection and similar, which everyone should (but doesn't) know about, but will instead turn to less commonly known vulnerabilities and attack vectors in both web and mobile applications.

It does not matter if you are on a red, blue or purple team - details about the discussed vulnerabilities will help improve your application security knowledge.

Speaker Bio

Bojan Zdrnja is Chief Technical Officer and leads the penetration testing team at INFIGO IS, a security company based in Croatia and, more recently, the UAE.

A graduate of the University of Zagreb, Faculty of Electrical Engineering and Computing, he holds a B.S. in Engineering with a specialization in computer sciences. After graduating in 2002, Bojan moved to New Zealand, where he worked as a Security Officer at the University of Auckland for 5 years. He's very passionate about security - network, web, mobile, IoT - you name it, he wants to break it!

Bojan holds numerous certifications, including GCIA, GCIH, GWAPT, GXPN, GMOB, GMON, GREM, as well as CISSP.

Among other periodicals, Bojan has written a security column for a leading Croatian computer magazine. He is the author of the Croatian publication "What are computer viruses?", a contributor to the AVIEN Malware Defense Guide for the Enterprise, and a senior SANS Internet Storm Center handler. When time permits, he publishes diaries about various exotic security issues that he encounters during assessments, or about analyzed attacks and malware.







Tags: sans institute, information security, cyber security, cybersecurity, information security training, cybersecurity training, cyber security training, Web, Mobile, Vulnerabilities