This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account. Once you register, you can download the presentation slides.

Hunting Logic Attacks - A Peek at SEC552: Bug Bounties & Responsible Disclosure

  • Thursday, August 27, 2020 at 3:30 PM EDT (2020-08-27 19:30:00 UTC)
  • Hassan El Hadary

Overview

Bug bounty programs are put in place so that the security community can help vendors discover tricky and challenging application security flaws. SEC552 is inspired by real-life examples of web and mobile app attacks found in various bug bounty programs. This talk will give an overview of the course and show how it can yield ideas about unconventional attack techniques and mindsets. During the talk, we will focus on tricky logic attack techniques. We will present and demo several attack stories, inspired by findings from real-life professional experience and bug bounty programs, that allow attackers to break defenses.

Speaker Bio

Hassan El Hadary

Hassan is currently a Lead Consultant at SecureMisr heading the application security assessment and code review team. He is also responsible for performing penetration tests as well as advising customers in the areas of PCI-DSS and PCI-PIN Security Compliance Requirements. He started his career as a programmer, during which he developed his passion for Information Security. Hassan received his Master's degree in Computer Science from the American University in Cairo with a Thesis in the field of Secure Software Engineering. He is certified with GWAPT and GCIH.

 

Hassan is an active participant in bug bounty programs. He has been acknowledged and rewarded by several vendors such as Google, Apple, Facebook, Twitter, PayPal, eBay, Etsy, AT&T, Gift Cards, Cisco Meraki, and Groupon. He has publications and talks at several events such as SANS Pen Test Berlin, US - Egypt Cyber Security Workshop, Middle East Info Security Summit, ADPoly Cyber Security Bootcamp, OWASP Cairo Chapter, CSCAMP and SKLABS.
