Ovechenko Kateryna
QA Coordinator - ITERA
Kiev, Ukraine
Attended conferences (3)
Talks (3)
  • 06.07.2016
    Internet of vulnerable things

    Today more and more smart devices integrate into our lives. Every day these devices gather tons of personal information that is further processed and stored in the cloud. But how can one be sure that these devices don't have vulnerabilities and that our data is properly protected?

    Let's follow the trends and talk about security of Internet of things. 

    What will be discussed: 

    - IoT-specific vulnerabilities 

    - what is the difference between IoT security and common security testing? 

    - what to start from and where to practice?

    • Average
    • 20 min
    • SQA Days / 20
  • 26.02.2015
    Fuzzing - leave hackers with nothing!

    Consider an integer in a program that stores the result of a user's choice between 3 questions. When the user picks one, the choice will be 0, 1 or 2, which makes three practical cases. But what if we transmit 3 or 255? If the default switch case hasn't been implemented securely, the program may crash and lead to classical security issues: exploitable buffer overflow, DoS etc.

    Fuzzing is the art of automatically finding vulnerabilities by providing malformed or semi-malformed data as input to the program.

    In the training I will explain how to apply this technique in practice and what preparations are required before starting, and show frameworks that help to automate this process.

    • Average
    • 40 min
    • SQA Days / 17
  • 31.01.2014
    Security of user sessions in web-applications: practical examples

    "86% of all websites had at least one serious vulnerability" (WhiteHat Security). Application vulnerabilities related to session management take 2nd place in the TOP 10 vulnerability list. With vulnerabilities in the session management mechanism, an attacker can compromise passwords or session tokens, or exploit other implementation flaws to impersonate another user.

    During this master class we are going to:

    - investigate in detail the web session and its attributes

    - try out the most well-known session vulnerabilities on live examples

    - provide recommendations on how to prevent session vulnerabilities

    - analyze several tools useful for security testing of sessions in web applications

    The following vulnerabilities will be analyzed: session fixation, session hijacking, Cross-Site Request Forgery, phishing.

    This training will acquaint you with the basics of web sessions and how they should be tested from a security perspective, and provide you with the main knowledge to start testing your web application.

    • Easy
    • 1h 30 min
    • SQA Days / 15