Hands-on, immersive CTI courses at the Cyber Threat Intelligence Summit & Training in January! Register for the free Summit!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Sorry, the slides for this webcast are not available for download.

Hunting Logic Attacks - SANS@Mic South by Southeast Asia

  • Wednesday, November 04, 2020 at 9:30 AM EST (2020-11-04 14:30:00 UTC)
  • Hassan El Hadary

You can now attend the webcast using your mobile device!



One of the most challenging problems to developers these days is to develop secure applications. Development platforms have provided several techniques to protect from common attacks such as Cross-Site Scripting, SQL injection, and others. However, logic attacks are still the hardest to stop because it is tricky and hard to discover. Logic attacks could allow an attacker to gain access to sensitive data and get control of unauthorized systems. In the era of IoT and complex applications, logic attacks will have higher impact. In this talk, we will present several logic attack stories that allow attackers to break developer defenses. All stories are inspired from findings discovered in real-life professional experience and bug bounty programs. Finally, we will discuss the future of such attacks and its application on IoT systems.

Speaker Bio

Hassan El Hadary

Hassan is currently a Lead Consultant at SecureMisr heading the application security assessment and code review team. He is also responsible for performing penetration tests as well as advising customers in the areas of PCI-DSS and PCI-PIN Security Compliance Requirements. He started his career as a programmer, during which he developed his passion for Information Security. Hassan received his Master's degree in Computer Science from the American University in Cairo with a Thesis in the field of Secure Software Engineering. He is certified with GWAPT and GCIH.


Hassan is an active participant in bug bounty programs. He was acknowledged and rewarded by several vendors such as Google, Apple, Facebook, Twitter, PayPal, eBay, Etsy, AT&T, Gift Cards, Cisco Meraki, and Groupon. He has publications and talks in several events such as SANS Pen Test Berlin, US - Egypt Cyber Security Workshop, Middle East Info Security Summit, ADPoly Cyber Security Bootcamp, OWASP Cairo Chapter, CSCAMP and SKLABS.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.