Milan Gabor is an ex-developer and the founder and CEO of Viris, a Slovenian company specializing in information security. He is a security professional, pen-tester and researcher. Milan is a distinguished and popular speaker on information security. He has previously been invited to speak at various events at different IT conferences in Slovenia and the rest of the world. He also does ethical hacking trainings. He is always on the hunt for new and uncovered things, and he really loves and enjoys his job and dreams about parachute jumping.
“In today’s agile world of development, where there is demand for a fast app-to-market race, there are sometimes many areas that are neglected. Sometimes this is not done intentionally, but in a lot of cases, there are several reasons why this can be a big issue. Especially if this can lead to some data compromise or even leakage of critical personal data. During the testing process, some areas are well covered, but other areas are missing some good test coverage, especially those that need some deep understanding of how things actually work behind the scenes.
During the presentation, we will try to look into some real case scenarios, explain root causes and try to find some easy solutions that can make testing even better and more secure. Presented cases will be from our own experience and will be based on real findings from the past years of security testing of systems and applications. We will point out some common errors that we as ethical hackers find when performing security assessments and that can easily be spotted already in the testing process, making the whole development process faster and cheaper. Some of them are really easy to spot and there is no need for some heavy security knowledge, but with some simple tricks, the tester can easily cover this area of testing as well. We will try to point out some good resources that can help testers to perform better security testing and make delivered applications even more secure. We think that testers need to have at least basic knowledge in the area of security testing to achieve better testing procedures and more secure products.”