The second year in a row, I’m pleased to host the main stage of @ZeroNights and prepare a soundtrack of the geekiest cybersecurity conference in Russia.
— Denis Makrushin (@makrushind) August 19, 2021
Hey, speakers, this time, if you are not able to provide confident answers after your presentations, you will have to dance! pic.twitter.com/9Ok78cPBbt
Payment systems are a tidbit for an attacker, but often it’s non-achievable scope for bug hunters outside the company. Bug bounty programs of financial organizations include resources that are on the surface of the attack, and it’s quite difficult for a researcher to dig deeper into the internal financial processes. So we have to limit ourselves with XSS, SSRF in a web-application of the payment system.
To properly implement a product maturity program, organizations need to embed and grow security expertise. Cultivation of application security champions requires the right pivot point in the following topic: application bug hunting and mitigation strategy.