Amit Ashbel

Cyber Security Evangelist, Checkmarx

Paper Title

Application Security workshop

Abstract

This three-part workshop, designed for AppSec professionals and developers, covers application security concepts including gamification of education, understanding and addressing code vulnerabilities in web and mobile applications, and reviewing the state of mobile application security today.

Part 1:

Game of Hacks: Play, Hack & Track

Game of Hacks, built using the Node.js framework, displays a range of vulnerable code snippets, challenging the player to locate the vulnerability.

  • Learn how and why vulnerabilities were planted within Game of Hacks
  • See real attack techniques (some caught us off guard) and how we handled them
  • Hear what to watch out for on the ultra-popular Node.js framework
  • Compete for a cool prize in a real-time Application Security challenge

Part 2:

Addressing Web and Mobile Vulnerabilities Efficiently

Analyze web and mobile application scan results together with the audience and understand how to properly address vulnerabilities as part of the software development life cycle.

Part 3:

Think Your Mobile App Is Secure? Think Again...

Secure coding is crucial when it comes to mobile applications. Unfortunately, it seems that most applications are still exposing themselves to risks that can be mitigated by employing secure coding practices from the start.

Research by Checkmarx and AppSec-Labs reveals a troubling picture where applications expose an average of three or more critical application vulnerabilities.

During this session we will:

  • Review the findings of the “State of Mobile Application Security Report”
  • Understand the limitations of mobile application security solutions
  • Discuss the risks introduced by hybrid application development

Speaker Bio

Amit has been part of the security community for over a decade, during which he has taken on multiple tasks and responsibilities, including technical positions and senior product lead positions.

Amit has experience with a wide range of security solutions including network, endpoint, fraud detection, and application security. This, in addition to his familiarity with emerging threats, allows him to address multiple aspects of an organization’s security portfolio while constantly studying how organizations can adapt to the ever-changing landscape.

Amit speaks at high-profile events and conferences such as Black Hat, DEF CON, OWASP, and others.

Copyright © 2016-17 | Nullcon India | International Security Conference | All Rights Reserved