DevConf.US 2020 has ended

DevConf.US 2020 is the 3rd annual, free, Red Hat sponsored technology conference for community project and professional contributors to Free and Open Source technologies coming to a web browser near you!
Friday, September 25 • 15:20 - 16:05
Web exploitation - Offensive way to Hunt Bugs


As QE engineers or developers, we have the power: the power to find new bugs/flaws in the code which others could not find and at the same time. In this talk, I will present how QE engineers, developers, or anyone interested in filing CVE bugs can work proactively with the InfoSec or ProdSec team to find security vulnerabilities in different features of the web during functionality testing.
The agenda will be:
* Goals of offensive bug hunting, and some approaches to aggressive bug hunting, e.g. Burp Suite, ZAP, etc.
* Some common vulnerabilities to check for in your project, e.g. the OWASP Top 10
* Attacks in action (demonstration of video PoCs):
  - Application-level DoS (Denial of Service)
  - Host Header Injection (redirection, cache poisoning & password reset poisoning)
  - URL/Open Redirection, etc.

Speakers
Pritam Singh

Associate Quality Engineer, Red Hat, Inc.
Associate Quality Engineer at Red Hat, Passionate Security Tester, 2+ years of experience in reporting security vulnerabilities at numerous vulnerability disclosure programs.


Friday September 25, 2020 15:20 - 16:05 EDT
Pixies Virtual
