Hunting Logic Attacks - A Peak at SEC552: Bug Bounties & Responsible Disclosure

Tuesday, 19 Jan 2021 3:30PM EST (19 Jan 2021 20:30 UTC)
Speaker: Hassan El Hadary

Bug bounty programs are put in place so that the security community can help vendors discover tricky and challenging application security flaws. SEC552 is inspired from real-life examples of web and mobile app attacks found in various bug bounty programs. This talk will give an overview on the course and show how it can yield ideas about unconventional attack techniques and mindsets. During the talk, we will focus on tricky logic attack techniques. We will present and demo several attack stories inspired from findings discovered in real life professional experience and bug bounty programs that allow attackers to break defenses.

Login to Register

Related Content

Security Awareness, Cybersecurity Leadership, Cloud Security, Open-Source Intelligence (OSINT), Industrial Control Systems Security, Digital Forensics, Incident Response & Threat Hunting, Cybersecurity and IT Essentials, Cyber Defense, Offensive Operations, Pen Testing, and Red Teaming, CyberLive, Workforce Development, Career Development, Why Certify, Imposter Syndrome, NetWars, Mentorship, Job Hunting, Operating System & Device In-Depth, Artificial Intelligence (AI)

A Visual Summary of SANS New2Cyber Summit 2024

Check out these graphic recordings created in real-time throughout the event for SANS New2Cyber Summit 2024

Offensive Operations, Pen Testing, and Red Teaming, Open-Source Intelligence (OSINT), Penetration Testing and Red Teaming

November 16, 2023

A Visual Summary of SANS HackFest Summit

Check out these graphic recordings created in real-time throughout the event for SANS HackFest Summit 2023

Offensive Operations, Pen Testing, and Red Teaming, Penetration Testing and Red Teaming

October 4, 2023

SEC670 Prep Quiz Answers

Answers for the SEC670 Prep Quiz. For more details about the course and the quiz, please clickthrough to see the quiz article.

Jonathan Reiter