Скачать с ютуб No Hat 2021 - David Calligaris - The Infinite Game of Vulnerability Research в хорошем качестве

No Hat 2021 - David Calligaris - The Infinite Game of Vulnerability Research

THE INFINITE GAME OF VULNERABILITY RESEARCH Nowadays finding vulnerabilities in well-audited software is becoming more and more difficult. Nevertheless, we still continue to see new vulnerabilities discovered and exploited in the wild. In this talk, we will see what a company can do to spot these vulnerabilities in advance. We will present some new ideas and improvements that will help internal vulnerability research teams to catch security bugs in a more rapid and efficient format. The talk will introduce and bring the attendees up to speed on topics like Fuzzing, Vulnerability Rediscovery, Variant Analysis, and Differential Analysis. DAVID CALLIGARIS - Vulnerability Researcher @Huawei In the CyberSecurity-verse since 199X, born in Italy but currently living in Germany.I'm leading an internal international team of Vulnerability Research for Huawei Technologies. The role of the team is to identify vulnerabilities in Huawei products. The activity of my team is focused on the following topics: Triage of Huawei Mobile Bug Bounty Program Vulnerabilities: In November 2019 Huawei Started a private Bug Bounty Program for Mobile Phones. Our role is to triage the vulnerabilities, perform variant analysis, communicate with Bug Bounty Hunters and Product Line to fix the vulnerabilities; Dynamic Security Testing: Implementation of state of the art fuzzers (user-space & kernel-space) for Huawei products. Before this experience in Huawei, I spend several years in a Cyber Security Consultant company Emaze S.p.A. in Italy. In this company, I started to work as a Vulnerability Researcher to become Chief Technology Officer (CTO) in 2015. Links: No Hat - Website: nohat.it No Hat - Twitter: @nohatcon D. Calligaris - Twitter: @daviddiaul