Shubham Shah
Assetnote
Shubham Shah is the co-founder and CTO of Assetnote, a platform for continuous monitoring of your external attack surface. Shubham is a prolific bug bounty hunter in the top 50 hackers on HackerOne and has presented at various industry events including QCon London, Kiwicon, BSides Canberra and WAHCKon.
Shubham is also a founder of the charity Hackers Helping Hackers which provides hackers from under-represented and less privileged groups access to industry events, mentorship and training.
Catch Me If You Can: Exploring the Impact of Ephemeral Vulnerabilities
Technical Level (3 being the highest score): 2
As companies have shifted to a cloud-first architecture and adopted continuous deployment and DevOps practices, the exposed attack surfaces of these organisations have become more fluid and evolve rapidly.
This pace has exposed new types of vulnerabilities and security issues that are ephemeral in nature but often have critical security impact. This presentation will explore our research into ephemeral vulnerabilities and our experience applying this to real-world environments through bug bounties.
Specifically, we will detail how ephemeral vulnerabilities are introduced and explore methods and techniques to find ephemeral vulnerabilities, with detailed examples of critical ephemeral issues found when applying our research to bug bounty programs. We will also present strategies and techniques that organisations can apply to prevent these issues.
Presentation video can be found HERE