Sergey Temnikov

Sergey Temnikov
Sergey is obsessed with vulnerability research. He started as a developer many years ago and switched to the security area after several crashes of his own application. He used to be a malware analyst, web pentester and vulnerability researcher during his work in Kaspersky and Sec-Consult. Nowadays he works for Amazon in AWS Security. For his long career he has got many CVE's. Sergey is a regular speaker on different security conferences

Talk / Workshop

Attacking Java for fun and profit. Or a quick view on useful Fuzzing approaches

Fuzzing – old know security testing method. It’s not only a part of SDLC, but also a really cool approach of enhancing BugBounty results. But how to use fuzzing for BugBounties? The answer is simple – you should always remember that “3 Billion Devices Run Java”!

Java is extremely popular and powerful technology for multiple solutions – banking solutions, IoT, Industrial, average software, automotive and many many more! This talk is about customizing fuzzing tools and approaches to attack Java applications. During our talk we will discuss technical details and tools that you can use and we will do a deep-dive into several recently disclosed vulnerabilities in Java-based solution (CVE-2022-23437 and CVE-2021-41561).

This will be useful for several group of attendees: bug hunters, penetration testers, product security teams or software developers.


Subscribe and get our news and updates.