AppSec.Zone

All about secure development

Are you passionate about bug hunting? Are you a bug bounty participant and a fan of quotation marks? Don’t miss out on AppSec.Zone! Here you can learn how to develop applications that won’t get hacked.

  • August 25
  • August 26

August 25

August 25
12:00–13:00
The insidious world of open-source through the developer's and the user's eyes
AppSec.Zone
Russian
We all use open‑source software and enjoy the variety and functionality of programs that have been created for us. The downside of flexibility and functionality is the possibility of making a mistake that leads to vulnerabilities in the design, code, and configuration of applications. This talk ...
August 25
13:00–14:00
CTF in a bank. Hack the system, get the ca$h
AppSec.Zone
Russian
A CTF‑style cybersecurity competition is part of a training program on secure design and programming of information systems. The CTF allows developers to get hands‑on experience with typical vulnerabilities and exploitation techniques to avoid any such vulnerabilities in released products ...
August 25
14:00–15:00
How Privacy Sandbox broke the web, but promised to fix it
AppSec.Zone
Russian
What is a Privacy Sandbox? What problems are being solved with it, and what problems are eventually created by rejecting third‑party cookies? Let’s discuss the proposed technologies (FPS, CHIPS, FedCM, etc.) and the current status of their adoption ...
August 25
15:00–16:00
Using tokens for secrets search or imitating SAST
AppSec.Zone
Russian
Finding secrets in a codebase is an essential stage of any mature SDLC. This report is about Avito’s approach to finding secrets in their codebase and Docker images. The speaker will talk in depth about the process in the context of SDLC, why existing open-source tools do not cover all needs, and most ...
August 25
16:00–17:00
Ultimate Open-Source SAST
AppSec.Zone
Russian
This presentation will cover the Semgrep SAST tool and its integration into CI/CD. It will explore the basics of writing your own scanning rules ...
August 25
17:00–17:30
The specifics of modern web application security analysis. Goodbye, injection!
AppSec.Zone
Russian
Modern frameworks eliminate a whole layer of security issues that were commonplace just a few years ago. In the report, the speaker will show what the security analysis of modern web applications looks like and share his experience in improving the efficiency of this approach ...
August 25
17:30–18:00
Mistakes We Make: SDLC Implementation
AppSec.Zone
Russian
The report talks about the mistakes that the speaker made when implementing SDLC from scratch and the lessons learned from these mistakes that may help in the future ...