Special Offer w/ OnDemand: Get an iPad (32 G), Galaxy Tab A, or Take $250 Off OnDemand Training thru Jan 27

Tysons Corner Fall 2017

McLean, VA | Sat, Oct 14 - Sat, Oct 21, 2017
This event is over,
but there are more training opportunities.

Hunting Logic Attacks

  • Hassan El Hadary
  • Wednesday, October 18th, 7:15pm - 8:15pm

One of the most challenging problems to developers these days is to develop secure applications. Development platforms have provided several techniques to protect from common attacks such as Cross-Site Scripting, SQL injection, and others. However, logic attacks are still the hardest to stop. It is tricky and hard to discover. Logic attacks could allow an attacker to gain access to sensitive data or get control of unauthorized systems. In the era of IoT and complex applications, logic attacks will have higher impact. In this talk, we will present several logic attack stories that allow attackers to break developer defenses. All stories are inspired from findings discovered in real life professional experience and bug bounty programs. Finally, we will discuss the future of such attacks and its application on IoT systems.

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
Monday, October 16
Session Speaker Time Type
General Session - Welcome to SANS Keith Palmgren Monday, October 16th, 8:00am - 8:30am Special Events
Everything You Ever Learned About Passwords Is Wrong Keith Palmgren Monday, October 16th, 7:15pm - 9:15pm Keynote
Tuesday, October 17
Session Speaker Time Type
Anti-Ransomware: How to Turn the Tables G. Mark Hardy Tuesday, October 17th, 8:15pm - 9:15pm SANS@Night
Wednesday, October 18
Session Speaker Time Type
Hunting Logic Attacks Hassan El Hadary Wednesday, October 18th, 7:15pm - 8:15pm SANS@Night
Thursday, October 19
Session Speaker Time Type
Plumbing the Depths: ShellBags Eric Zimmerman Thursday, October 19th, 7:15pm - 8:15pm SANS@Night
Windows Management Instrumentation For Good and Evil Jaime Geiger Thursday, October 19th, 8:15pm - 9:15pm SANS@Night