Chapter Croatia Virtual Meetup - DeFi Hacks & WebAppSec with HAProxy


Details
Hello Everyone,
For this quarter's OWASP Croatia meetup, we have 2 topics that will be delivered virtually (over Google Meet):
- Duncan Townsend: Hacks Averted - Large-value DeFi hacks that didn't happen due to responsible disclosure from whitehat hackers
- Dinko Korunić: Web application security using HAProxy
- Chill and Chat - Stay a while and chat with others from OWASP Croatia
Note that the first talk will be in English and the second talk will be in Croatian.
See you!
Talk abstracts and bios follow:
---------------------
Title: Hacks Averted
Large-value DeFi hacks that didn't happen due to responsible
disclosure from whitehat hackers
Summary:
DeFi hacks are becoming more numerous and sophisticated. Responsible
disclosure by whitehat hackers is the last bastion of defense against
these hacks. We will review several smart contracts that were
the subject of responsible disclosures. After a conversation with the
audience about the vulnerability, we will examine the technical
details of the bug. We will consider the root causes of the
vulnerability and discuss practices the project could have adopted in
order to avoid this class of bugs in the future.
Bio:
Duncan Townsend, CTO
He has a background as a Machine Learning and Security Engineer. After
completing an S.B. and M.Eng. in AI at MIT, he has worked at a series
of pure-tech startups before co-founding his own at Immunefi. While at
MIT, in 2010, he started hacking on cryptocurrency projects. Other
past projects have included direct image-to-trajectory deep neural
nets, zero-knowledge homomorphic encryption chat routing, formally
verified encrypted chat, and a high-performance regular expression
compiler. At Immunefi, he is tapping into his expertise not only in
software security best practices, but also in physical security,
operational security, and encryption.
---------------------
Title: Web application security using HAProxy
Summary:
HAProxy load balancer: implementing multi-layer filtering and protection for web applications
Bio:
I am Dinko Korunić, and I am currently a product manager at Crossvallia and a senior systems engineer at HAProxy Technologies. I am otherwise a workaholic, and I spend what little free time remains after family obligations reading, learning new technologies and doing systems programming. I was a security consultant and sysadmin for InfoMAR, SRCE and CARNet, for a while I also wrote Linux articles for Mreža, and over the past 25 years I have done various, mostly Unix-oriented jobs both in Croatia (at most of the technical faculties in Zagreb, the Office of the President of Croatia, the Ministry of Finance, RecroNet, Tmobile, etc.) and abroad. My current focus is large data stores (300+PB) and HAProxy as a load balancer for enterprise use, as well as integrations of HAProxy with cloud providers such as Amazon and Azure, and integration with Docker, Kubernetes, etc.
