Thursday, February 16 • 3:30pm - 4:30pm
OpenSSL Deep Dive - The Good, The Bad and The Not-So-Ugly

On October 25, OpenSSL notified users that it had found two new vulnerabilities in OpenSSL 3.0.0 through 3.0.6. One of these was apparently “critical” – the same level as the notorious 2014 Heartbleed flaw. That captured everyone’s attention because Heartbleed affected many high-profile organizations, could compromise encrypted information of all kinds, and actually showed up in the wild. It was bad. But by November 1, when OpenSSL released its version 3.0.7 fix, it more clearly understood the two new vulnerabilities and downgraded them to “high” severity. Since AppSec researchers are in the business of scanning servers, applications and APIs for vulnerabilities, we can add value by illuminating why this was done, with a focus on how attackers might try to exploit these flaws – and why they probably can’t.

Speakers

Dan Murphy

Dan Murphy has 20+ years of experience in the security space, specializing in web security, distributed systems, and software architecture. As a distinguished architect at Invicti, his focus is on ensuring that Invicti products across the entire organization work together to provide...

Frank Catucci

CTO and Head of Security Research, Invicti
Frank Catucci is a global application security technical leader with over 20 years of experience, designing scalable application security specific architecture, partnering with cross-functional engineering and product teams. Frank is a past OWASP Chapter President and contributor...



Thursday February 16, 2023 3:30pm - 4:30pm GMT
Room: Liffey Hall 1