SlideShare a Scribd company logo

Sergey Scherbel, Yuriy Dyachenko. Analyzing $natch

Positive Hack Days
Positive Hack Days
TechnologyEconomy & Finance
1 of 22
$NATCH Sergey Scherbel & Yuriy Dyachenko Positive Technologies Positive Hack Days 2013
Some Background The competition took place for the first time at PHDays 2012. $natch aims at demonstrating the typical vulnerabilities of online banking systems. Positive Technologies performs security tests of online banking systems on a regular basis. We are really into it. The most interesting and dangerous vulnerabilities along with the simply typical weaknesses are integrated into PHDays iBank.
Last Year Results ― 9 participants; ― 4 winners; ― the biggest winnings of 3,500 roubles; ― some winners got into the Positive community  ; (after an extremely scary interview of course).
PHDays iBank 2 PHDays iBank 2 is NOT a real online banking system used by actual banks. The system was developed exclusively for the PHDays 2013 competition. PHDays iBank 2 employs the typical vulnerabilities of online banking systems.
Competition Rules ― 100 bank clients; ― 10 participants; ― 20,000 roubles of prize money; ― 1 day for source code analysis; ― 30–40 minutes of the actual competition; ― a participant will get as much money as he/she will manage to transfer to his/her account; ― the participants can steal money from each other.
At Workshop You will be able: ― to examine each vulnerability in detail; ― to exploit vulnerabilities “by hand”; ― to exploit vulnerabilities with various tools. Everything is performed on a special copy of the competition system.
Accounts 100001:PKAC1y 100002:RNrlO9 100003:Ndl1Ix 100004:hQPuJw 100005:kpgtCI
Authentication One should enter the CAPTCHA to sign in.
Mobile Bank Authentication No CAPTCHA here, thus the account bruteforce is possible.
Accounts with Simple Passwords 100011:password 100012:phdays 100013:qwerty 100014:password 100015:123456 100016:12345 100017:11111 100018:ninja 100019:123123 100020:sex 100021:asdzxc 100022:654321 100023:iloveyou 100024:root 100025:master 100026:superman ...
Transaction Confirmation
Confirmation Bypass in Mobile Bank
Payment Templates Modification
Payment Templates Modification A template is not checked if it is owned by the current user
Payment Templates Modification $$
Payment Templates Modification $$
Importing Contacts Most online banks have a feature that allows one to import/export data.
XML External Entity Loading of external entities is not disabled. http://php.net/libxml_disable_entity_loader
XML External Entity <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE contact [<!ENTITY x SYSTEM "php://filter/read=convert.base64- encode/resource=logs/changePassword.log">]> <contacts> <contact> <name>name</name> <account>90107430600712500003</account> <description>&x;</description> </contact> </contacts> http://www.php.net/manual/en/wrappers.php.php
XML External Entity File contents in base64
Debug Mode
Thanks for your attention! Sergey Scherbel sscherbel@ptsecurity.ru Yuriy Dyachenko ydyachenko@ptsecurity.ru

Recommended

$natch
$natch$natch
$natchЮрий Дьяченко
 
старый движок в новых красках – Old webasyst cms 0days
старый движок в новых красках – Old webasyst cms 0daysстарый движок в новых красках – Old webasyst cms 0days
старый движок в новых красках – Old webasyst cms 0daysРоман Ильин
 
Snatch2
Snatch2Snatch2
Snatch2Positive Hack Days
 
Bank to the future
Bank to the futureBank to the future
Bank to the futureSpeck&Tech
 
Lecture kings college
Lecture kings collegeLecture kings college
Lecture kings collegeGerardo Lemus
 
Operationalize deep learning models for fraud detection with Azure Machine Le...
Operationalize deep learning models for fraud detection with Azure Machine Le...Operationalize deep learning models for fraud detection with Azure Machine Le...
Operationalize deep learning models for fraud detection with Azure Machine Le...Francesca Lazzeri, PhD
 
Chochogami
ChochogamiChochogami
ChochogamiPat Conarro
 
Time to Rethink Mobile Onboarding
Time to Rethink Mobile OnboardingTime to Rethink Mobile Onboarding
Time to Rethink Mobile OnboardingWultra
 

Recommended

$natch
$natch$natch
$natchЮрий Дьяченко
 
старый движок в новых красках – Old webasyst cms 0days
старый движок в новых красках – Old webasyst cms 0daysстарый движок в новых красках – Old webasyst cms 0days
старый движок в новых красках – Old webasyst cms 0daysРоман Ильин
 
Snatch2
Snatch2Snatch2
Snatch2Positive Hack Days
 
Bank to the future
Bank to the futureBank to the future
Bank to the futureSpeck&Tech
 
Lecture kings college
Lecture kings collegeLecture kings college
Lecture kings collegeGerardo Lemus
 
Operationalize deep learning models for fraud detection with Azure Machine Le...
Operationalize deep learning models for fraud detection with Azure Machine Le...Operationalize deep learning models for fraud detection with Azure Machine Le...
Operationalize deep learning models for fraud detection with Azure Machine Le...Francesca Lazzeri, PhD
 
Chochogami
ChochogamiChochogami
ChochogamiPat Conarro
 
Time to Rethink Mobile Onboarding
Time to Rethink Mobile OnboardingTime to Rethink Mobile Onboarding
Time to Rethink Mobile OnboardingWultra
 
apidays LIVE Paris - Microservices, up and running by Irakli Nadareishvili
apidays LIVE Paris - Microservices, up and running by Irakli Nadareishviliapidays LIVE Paris - Microservices, up and running by Irakli Nadareishvili
apidays LIVE Paris - Microservices, up and running by Irakli Nadareishviliapidays
 
Fintech Belgium Summit 2018: Open Banking - Klarna by Aoife Houlihan
Fintech Belgium Summit 2018: Open Banking - Klarna by Aoife Houlihan Fintech Belgium Summit 2018: Open Banking - Klarna by Aoife Houlihan
Fintech Belgium Summit 2018: Open Banking - Klarna by Aoife HoulihanFinTech Belgium
 
APIDays 2020 - SEED(S) API Design Methodology
APIDays 2020 - SEED(S) API Design MethodologyAPIDays 2020 - SEED(S) API Design Methodology
APIDays 2020 - SEED(S) API Design MethodologyIrakli Nadareishvili
 
Risk Beyond Acquiring: Merchant Risk Across FinTech
Risk Beyond Acquiring: Merchant Risk Across FinTechRisk Beyond Acquiring: Merchant Risk Across FinTech
Risk Beyond Acquiring: Merchant Risk Across FinTechGeo Coelho
 
Everything You Need to Know About Crypto
Everything You Need to Know About CryptoEverything You Need to Know About Crypto
Everything You Need to Know About CryptoAggregage
 
Webcast - how can banks defend against fraud?
Webcast - how can banks defend against fraud?Webcast - how can banks defend against fraud?
Webcast - how can banks defend against fraud?Uniphore
 
Digital Transformation Fighting Banking Fraud: Money 2.0 Conference’s Experts...
Digital Transformation Fighting Banking Fraud: Money 2.0 Conference’s Experts...Digital Transformation Fighting Banking Fraud: Money 2.0 Conference’s Experts...
Digital Transformation Fighting Banking Fraud: Money 2.0 Conference’s Experts...Money 2Conf
 
Building Intelligent Data Products (Applied AI)
Building Intelligent Data Products (Applied AI)Building Intelligent Data Products (Applied AI)
Building Intelligent Data Products (Applied AI)Stephen Whitworth
 
A Research Paper on Credit Card Fraud Detection
A Research Paper on Credit Card Fraud DetectionA Research Paper on Credit Card Fraud Detection
A Research Paper on Credit Card Fraud DetectionIRJET Journal
 
Digits ico-whitepaper-1v8c
Digits ico-whitepaper-1v8cDigits ico-whitepaper-1v8c
Digits ico-whitepaper-1v8cEtheralabs
 
Typical Vulnerabilities of E-Banking Systems
Typical Vulnerabilities of E-Banking SystemsTypical Vulnerabilities of E-Banking Systems
Typical Vulnerabilities of E-Banking SystemsPositive Hack Days
 
W12 pitch deck v11.1
W12 pitch deck v11.1W12 pitch deck v11.1
W12 pitch deck v11.1Test test
 
Presentation for 2012 nextMedia in Toronto, Canada
Presentation for 2012 nextMedia in Toronto, CanadaPresentation for 2012 nextMedia in Toronto, Canada
Presentation for 2012 nextMedia in Toronto, CanadaLinda Ettinger Lieberman
 
moncon - The World's Simplest Paywall
moncon - The World's Simplest Paywallmoncon - The World's Simplest Paywall
moncon - The World's Simplest PaywallDiego Torres
 
Fraud Meetup
Fraud MeetupFraud Meetup
Fraud MeetupJohnNellen
 
python pre-submission report.pdf
python pre-submission report.pdfpython pre-submission report.pdf
python pre-submission report.pdfSruthiMugle
 
TADHack Global 2019 Winners
TADHack Global 2019 WinnersTADHack Global 2019 Winners
TADHack Global 2019 WinnersAlan Quayle
 
APIdays London 2019 - Open Banking:The day after PSD2 by Emmanuel Methivier, ...
APIdays London 2019 - Open Banking:The day after PSD2 by Emmanuel Methivier, ...APIdays London 2019 - Open Banking:The day after PSD2 by Emmanuel Methivier, ...
APIdays London 2019 - Open Banking:The day after PSD2 by Emmanuel Methivier, ...apidays
 
New Technology To Combat The Fraud In Fintech: Rescue Tactics For Neobanks | ...
New Technology To Combat The Fraud In Fintech: Rescue Tactics For Neobanks | ...New Technology To Combat The Fraud In Fintech: Rescue Tactics For Neobanks | ...
New Technology To Combat The Fraud In Fintech: Rescue Tactics For Neobanks | ...Money 2Conf
 
Fingerprint Authentication for ATM
Fingerprint Authentication for ATMFingerprint Authentication for ATM
Fingerprint Authentication for ATMParas Garg
 
Инструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release NotesИнструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release NotesPositive Hack Days
 
Как мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows DockerКак мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows DockerPositive Hack Days
 

More Related Content

Similar to Sergey Scherbel, Yuriy Dyachenko. Analyzing $natch

apidays LIVE Paris - Microservices, up and running by Irakli Nadareishvili
apidays LIVE Paris - Microservices, up and running by Irakli Nadareishviliapidays LIVE Paris - Microservices, up and running by Irakli Nadareishvili
apidays LIVE Paris - Microservices, up and running by Irakli Nadareishviliapidays
 
Fintech Belgium Summit 2018: Open Banking - Klarna by Aoife Houlihan
Fintech Belgium Summit 2018: Open Banking - Klarna by Aoife Houlihan Fintech Belgium Summit 2018: Open Banking - Klarna by Aoife Houlihan
Fintech Belgium Summit 2018: Open Banking - Klarna by Aoife HoulihanFinTech Belgium
 
APIDays 2020 - SEED(S) API Design Methodology
APIDays 2020 - SEED(S) API Design MethodologyAPIDays 2020 - SEED(S) API Design Methodology
APIDays 2020 - SEED(S) API Design MethodologyIrakli Nadareishvili
 
Risk Beyond Acquiring: Merchant Risk Across FinTech
Risk Beyond Acquiring: Merchant Risk Across FinTechRisk Beyond Acquiring: Merchant Risk Across FinTech
Risk Beyond Acquiring: Merchant Risk Across FinTechGeo Coelho
 
Everything You Need to Know About Crypto
Everything You Need to Know About CryptoEverything You Need to Know About Crypto
Everything You Need to Know About CryptoAggregage
 
Webcast - how can banks defend against fraud?
Webcast - how can banks defend against fraud?Webcast - how can banks defend against fraud?
Webcast - how can banks defend against fraud?Uniphore
 
Digital Transformation Fighting Banking Fraud: Money 2.0 Conference’s Experts...
Digital Transformation Fighting Banking Fraud: Money 2.0 Conference’s Experts...Digital Transformation Fighting Banking Fraud: Money 2.0 Conference’s Experts...
Digital Transformation Fighting Banking Fraud: Money 2.0 Conference’s Experts...Money 2Conf
 
Building Intelligent Data Products (Applied AI)
Building Intelligent Data Products (Applied AI)Building Intelligent Data Products (Applied AI)
Building Intelligent Data Products (Applied AI)Stephen Whitworth
 
A Research Paper on Credit Card Fraud Detection
A Research Paper on Credit Card Fraud DetectionA Research Paper on Credit Card Fraud Detection
A Research Paper on Credit Card Fraud DetectionIRJET Journal
 
Digits ico-whitepaper-1v8c
Digits ico-whitepaper-1v8cDigits ico-whitepaper-1v8c
Digits ico-whitepaper-1v8cEtheralabs
 
Typical Vulnerabilities of E-Banking Systems
Typical Vulnerabilities of E-Banking SystemsTypical Vulnerabilities of E-Banking Systems
Typical Vulnerabilities of E-Banking SystemsPositive Hack Days
 
W12 pitch deck v11.1
W12 pitch deck v11.1W12 pitch deck v11.1
W12 pitch deck v11.1Test test
 
Presentation for 2012 nextMedia in Toronto, Canada
Presentation for 2012 nextMedia in Toronto, CanadaPresentation for 2012 nextMedia in Toronto, Canada
Presentation for 2012 nextMedia in Toronto, CanadaLinda Ettinger Lieberman
 
moncon - The World's Simplest Paywall
moncon - The World's Simplest Paywallmoncon - The World's Simplest Paywall
moncon - The World's Simplest PaywallDiego Torres
 
python pre-submission report.pdf
python pre-submission report.pdfpython pre-submission report.pdf
python pre-submission report.pdfSruthiMugle
 
TADHack Global 2019 Winners
TADHack Global 2019 WinnersTADHack Global 2019 Winners
TADHack Global 2019 WinnersAlan Quayle
 
APIdays London 2019 - Open Banking:The day after PSD2 by Emmanuel Methivier, ...
APIdays London 2019 - Open Banking:The day after PSD2 by Emmanuel Methivier, ...APIdays London 2019 - Open Banking:The day after PSD2 by Emmanuel Methivier, ...
APIdays London 2019 - Open Banking:The day after PSD2 by Emmanuel Methivier, ...apidays
 
New Technology To Combat The Fraud In Fintech: Rescue Tactics For Neobanks | ...
New Technology To Combat The Fraud In Fintech: Rescue Tactics For Neobanks | ...New Technology To Combat The Fraud In Fintech: Rescue Tactics For Neobanks | ...
New Technology To Combat The Fraud In Fintech: Rescue Tactics For Neobanks | ...Money 2Conf
 
Fingerprint Authentication for ATM
Fingerprint Authentication for ATMFingerprint Authentication for ATM
Fingerprint Authentication for ATMParas Garg
 

Similar to Sergey Scherbel, Yuriy Dyachenko. Analyzing $natch (20)

apidays LIVE Paris - Microservices, up and running by Irakli Nadareishvili
apidays LIVE Paris - Microservices, up and running by Irakli Nadareishviliapidays LIVE Paris - Microservices, up and running by Irakli Nadareishvili
apidays LIVE Paris - Microservices, up and running by Irakli Nadareishvili
 
Fintech Belgium Summit 2018: Open Banking - Klarna by Aoife Houlihan
Fintech Belgium Summit 2018: Open Banking - Klarna by Aoife Houlihan Fintech Belgium Summit 2018: Open Banking - Klarna by Aoife Houlihan
Fintech Belgium Summit 2018: Open Banking - Klarna by Aoife Houlihan
 
APIDays 2020 - SEED(S) API Design Methodology
APIDays 2020 - SEED(S) API Design MethodologyAPIDays 2020 - SEED(S) API Design Methodology
APIDays 2020 - SEED(S) API Design Methodology
 
Risk Beyond Acquiring: Merchant Risk Across FinTech
Risk Beyond Acquiring: Merchant Risk Across FinTechRisk Beyond Acquiring: Merchant Risk Across FinTech
Risk Beyond Acquiring: Merchant Risk Across FinTech
 
Everything You Need to Know About Crypto
Everything You Need to Know About CryptoEverything You Need to Know About Crypto
Everything You Need to Know About Crypto
 
Webcast - how can banks defend against fraud?
Webcast - how can banks defend against fraud?Webcast - how can banks defend against fraud?
Webcast - how can banks defend against fraud?
 
Digital Transformation Fighting Banking Fraud: Money 2.0 Conference’s Experts...
Digital Transformation Fighting Banking Fraud: Money 2.0 Conference’s Experts...Digital Transformation Fighting Banking Fraud: Money 2.0 Conference’s Experts...
Digital Transformation Fighting Banking Fraud: Money 2.0 Conference’s Experts...
 
Building Intelligent Data Products (Applied AI)
Building Intelligent Data Products (Applied AI)Building Intelligent Data Products (Applied AI)
Building Intelligent Data Products (Applied AI)
 
A Research Paper on Credit Card Fraud Detection
A Research Paper on Credit Card Fraud DetectionA Research Paper on Credit Card Fraud Detection
A Research Paper on Credit Card Fraud Detection
 
Digits ico-whitepaper-1v8c
Digits ico-whitepaper-1v8cDigits ico-whitepaper-1v8c
Digits ico-whitepaper-1v8c
 
Typical Vulnerabilities of E-Banking Systems
Typical Vulnerabilities of E-Banking SystemsTypical Vulnerabilities of E-Banking Systems
Typical Vulnerabilities of E-Banking Systems
 
W12 pitch deck v11.1
W12 pitch deck v11.1W12 pitch deck v11.1
W12 pitch deck v11.1
 
Presentation for 2012 nextMedia in Toronto, Canada
Presentation for 2012 nextMedia in Toronto, CanadaPresentation for 2012 nextMedia in Toronto, Canada
Presentation for 2012 nextMedia in Toronto, Canada
 
moncon - The World's Simplest Paywall
moncon - The World's Simplest Paywallmoncon - The World's Simplest Paywall
moncon - The World's Simplest Paywall
 
Fraud Meetup
Fraud MeetupFraud Meetup
Fraud Meetup
 
python pre-submission report.pdf
python pre-submission report.pdfpython pre-submission report.pdf
python pre-submission report.pdf
 
TADHack Global 2019 Winners
TADHack Global 2019 WinnersTADHack Global 2019 Winners
TADHack Global 2019 Winners
 
APIdays London 2019 - Open Banking:The day after PSD2 by Emmanuel Methivier, ...
APIdays London 2019 - Open Banking:The day after PSD2 by Emmanuel Methivier, ...APIdays London 2019 - Open Banking:The day after PSD2 by Emmanuel Methivier, ...
APIdays London 2019 - Open Banking:The day after PSD2 by Emmanuel Methivier, ...
 
New Technology To Combat The Fraud In Fintech: Rescue Tactics For Neobanks | ...
New Technology To Combat The Fraud In Fintech: Rescue Tactics For Neobanks | ...New Technology To Combat The Fraud In Fintech: Rescue Tactics For Neobanks | ...
New Technology To Combat The Fraud In Fintech: Rescue Tactics For Neobanks | ...
 
Fingerprint Authentication for ATM
Fingerprint Authentication for ATMFingerprint Authentication for ATM
Fingerprint Authentication for ATM
 

More from Positive Hack Days

Инструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release NotesИнструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release NotesPositive Hack Days
 
Как мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows DockerКак мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows DockerPositive Hack Days
 
Типовая сборка и деплой продуктов в Positive Technologies
Типовая сборка и деплой продуктов в Positive TechnologiesТиповая сборка и деплой продуктов в Positive Technologies
Типовая сборка и деплой продуктов в Positive TechnologiesPositive Hack Days
 
Аналитика в проектах: TFS + Qlik
Аналитика в проектах: TFS + QlikАналитика в проектах: TFS + Qlik
Аналитика в проектах: TFS + QlikPositive Hack Days
 
Использование анализатора кода SonarQube
Использование анализатора кода SonarQubeИспользование анализатора кода SonarQube
Использование анализатора кода SonarQubePositive Hack Days
 
Развитие сообщества Open DevOps Community
Развитие сообщества Open DevOps CommunityРазвитие сообщества Open DevOps Community
Развитие сообщества Open DevOps CommunityPositive Hack Days
 
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...Positive Hack Days
 
Автоматизация построения правил для Approof
Автоматизация построения правил для ApproofАвтоматизация построения правил для Approof
Автоматизация построения правил для ApproofPositive Hack Days
 
Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»Positive Hack Days
 
Формальные методы защиты приложений
Формальные методы защиты приложенийФормальные методы защиты приложений
Формальные методы защиты приложенийPositive Hack Days
 
Эвристические методы защиты приложений
Эвристические методы защиты приложенийЭвристические методы защиты приложений
Эвристические методы защиты приложенийPositive Hack Days
 
Теоретические основы Application Security
Теоретические основы Application SecurityТеоретические основы Application Security
Теоретические основы Application SecurityPositive Hack Days
 
От экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 летОт экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 летPositive Hack Days
 
Уязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на граблиУязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на граблиPositive Hack Days
 
Требования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПОТребования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПОPositive Hack Days
 
Формальная верификация кода на языке Си
Формальная верификация кода на языке СиФормальная верификация кода на языке Си
Формальная верификация кода на языке СиPositive Hack Days
 
Механизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CoreМеханизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CorePositive Hack Days
 
SOC для КИИ: израильский опыт
SOC для КИИ: израильский опытSOC для КИИ: израильский опыт
SOC для КИИ: израильский опытPositive Hack Days
 
Honeywell Industrial Cyber Security Lab & Services Center
Honeywell Industrial Cyber Security Lab & Services CenterHoneywell Industrial Cyber Security Lab & Services Center
Honeywell Industrial Cyber Security Lab & Services CenterPositive Hack Days
 
Credential stuffing и брутфорс-атаки
Credential stuffing и брутфорс-атакиCredential stuffing и брутфорс-атаки
Credential stuffing и брутфорс-атакиPositive Hack Days
 

More from Positive Hack Days (20)

Инструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release NotesИнструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release Notes
 
Как мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows DockerКак мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows Docker
 
Типовая сборка и деплой продуктов в Positive Technologies
Типовая сборка и деплой продуктов в Positive TechnologiesТиповая сборка и деплой продуктов в Positive Technologies
Типовая сборка и деплой продуктов в Positive Technologies
 
Аналитика в проектах: TFS + Qlik
Аналитика в проектах: TFS + QlikАналитика в проектах: TFS + Qlik
Аналитика в проектах: TFS + Qlik
 
Использование анализатора кода SonarQube
Использование анализатора кода SonarQubeИспользование анализатора кода SonarQube
Использование анализатора кода SonarQube
 
Развитие сообщества Open DevOps Community
Развитие сообщества Open DevOps CommunityРазвитие сообщества Open DevOps Community
Развитие сообщества Open DevOps Community
 
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
 
Автоматизация построения правил для Approof
Автоматизация построения правил для ApproofАвтоматизация построения правил для Approof
Автоматизация построения правил для Approof
 
Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»
 
Формальные методы защиты приложений
Формальные методы защиты приложенийФормальные методы защиты приложений
Формальные методы защиты приложений
 
Эвристические методы защиты приложений
Эвристические методы защиты приложенийЭвристические методы защиты приложений
Эвристические методы защиты приложений
 
Теоретические основы Application Security
Теоретические основы Application SecurityТеоретические основы Application Security
Теоретические основы Application Security
 
От экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 летОт экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 лет
 
Уязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на граблиУязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на грабли
 
Требования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПОТребования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПО
 
Формальная верификация кода на языке Си
Формальная верификация кода на языке СиФормальная верификация кода на языке Си
Формальная верификация кода на языке Си
 
Механизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CoreМеханизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET Core
 
SOC для КИИ: израильский опыт
SOC для КИИ: израильский опытSOC для КИИ: израильский опыт
SOC для КИИ: израильский опыт
 
Honeywell Industrial Cyber Security Lab & Services Center
Honeywell Industrial Cyber Security Lab & Services CenterHoneywell Industrial Cyber Security Lab & Services Center
Honeywell Industrial Cyber Security Lab & Services Center
 
Credential stuffing и брутфорс-атаки
Credential stuffing и брутфорс-атакиCredential stuffing и брутфорс-атаки
Credential stuffing и брутфорс-атаки
 

Recently uploaded

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfOverkill Security
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 

Recently uploaded (20)

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 

Sergey Scherbel, Yuriy Dyachenko. Analyzing $natch