Mehmet INCE still continues his duty as the Senior Penetration Tester of PRODAFT / INVICTUS. İnce is known to be involved in the field of cyber security since 2004. Especially, he has been recognized with his researches and experience in web applications/servers. He has also worked in a wide variety of projects as a developer and security consultant. So far, İnce has discovered and published security vulnerabilities in more than 150 open source applications. Most of these findings are still available on exploit-db, as well as İnce’s blog page, where he shares his ideas about current security issues and offer his contributions to global security community.
A 0day Story: Visiting Security Product’s Web Interfaces
Today’s corporate firms are managed through many commercial security products. In addition to the technical qualification criteria that institutions pay most attention to product purchase, it is another criterion that the product can be used easily by the employees of the company. For this reason, there are many management interfaces that are beautifully designed and have many modules together. Looking at the security products from this point of view, the attack vectors for such systems seem to have increased significantly. During this presentation, we will discuss the weaknesses and discovery methods of the 0days on many security products, such as TrendMicro, Alienvault, which we found in penetration testing.