Security Meetup – Kiwi.com Tech Week

Do you want to know more about European Union bug bounty programs for open-source software like VLC, notepad++ or PuTYY at first hand? Have you heard about Kleptography? Do you manage your secrets well enough?

Reserve your spot and join if you wanna get answers =>
http://bit.ly/2upmRuw

Schedule
18:00 — Door opens
18:30 - 19:10 - Adam Janovsky — Kleptography 101
19:10 - 19:40 - Martin Sucha — It's a secret to everybody
19:40 - 20:00 - Break
20:00 - 20:40 - Shlomie Liberow — Bug bounties: Open Source edition
20:40 - xx:xx - Networking

Speakers and Abstracts
Adam Janovsky — Kleptography 101
The aim of the talk is to explore the possibilities of kleptography -- a clever technique for constructing backdoors for cryptographic protocols. The talk concentrates on the TLS protocol and will show a way of how to completely break it using kleptography.

Adam is a PhD candidate at Masaryk University, Czech Republic. In his research, he utilises the techniques of data science and machine learning to discover problems in information security. At the same time, he works as a security researcher at the Invasys company.

Martin Sucha — It's a secret to everybody
If I can tell anything about you, it's that you have some secrets you want to keep for yourself. Computers are not any different! Secrets are used a lot in computing, yet it is easy for them to leak - so how do you avoid shooting yourself in the foot?

In this talk, we'll look at what secrets are, how secrets are commonly used, what mistakes people do when working with them and the options you have to minimize risk when dealing with secrets in your apps.

Martin is a software engineer who is interested in how things work. In particular, he enjoys learning things about web applications, distributed systems, databases, operating systems and last but not least security. He currently works as senior software engineer at Kiwi.com.

Shlomie Liberow — Bug bounties: Open Source edition
This talk will cover some of the findings, participation statistics and lessons learned from running the EC sponsored bug bounty program for projects such as notepad++, PuTYY and VLC.

Shlomie advises on and runs bug bounties on behalf of governments, companies and organisations. Prior to his current role, he was a programmer in the defence sector before subsequently moving into cybersecurity to help defend the privacy and reputation of some of the world's most [high-profile and] eminent persons.