Nir is a professional software engineer with expertise in Java, Node and Python and with over 14 years of experience in developing server-side applications. He likes challenges and has a passion for building things, playing with new technologies and learning new things.
After graduating with a B.Sc. in computer science, he stayed at university for another few years to complete an M.Sc. in Mathematics, specializing in graph theory and algorithms. He then felt that academic life might not be for him after all, so he joined the high-tech industry.
It took a bit over a year to understand that large corporations are not his cup of tea before he joined a small startup as the third developer. Two years later that startup was bought and he moved to Silicon Valley to help it continue to grow. Two years ago he joined Netflix and is now a member of the Cloud Platform Automation team, helping his fellow engineers deliver great "moments of truth" to over 60 million subscribers.
In this hands-on session we'll discuss some of the main website vulnerabilities, such as XSS, indirect object access, broken authentication and session management, SQL injection and security misconfiguration.
The discussion will be somewhat limited, as the majority of this session will be dedicated to hacking: you'll get an IP of a machine on AWS, and after you register and log in you'll get tasks. Each task will be a CTF (capture the flag), and in order to find the flag you'll need to expose and use a different vulnerability to hack the site. In my experience this is one of the best ways to learn cybersecurity; I hope you'll enjoy it as much as I do!