BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: FlowMate\n   When: Friday\, Aug 11\, 12:00 - 13:55 P
 DT\n   Where: Caesars Forum - Society Boardroom - Demo Labs - [1]Map\n   S
 peakers:Florian Haag\,Nicolas Schickert\n\n   SpeakerBio:Florian Haag\n   
 Florian Haag is a senior security consultant at usd AG with experience\n  
  in penetration testing\, software security assessments as well as code\n 
   reviews. He is specialized in penetration tests of thick client\n   appl
 ications\, leveraging his background in software development to\n   revers
 e engineer proprietary client applications and network\n   protocols. In p
 revious scientific work\, he worked on novel approaches\n   to application
 -level data flow analysis to improve penetration testing\n   coverage. In 
 addition\, he analyzed website clones used in phishing\n   campaigns and t
 he frameworks that are used by fraudsters to create and\n   operate cloned
  websites.\n\n   SpeakerBio:Nicolas Schickert\n   Nicolas Schickert is sec
 urity researcher and penetration tester at usd\n   AG\, an information sec
 urity company based in Germany. He is in charge\n   of SAP specific penetr
 ation tests at the usd HeroLab. In this role\,\n   Nicolas is responsible 
 for the collection of SAP related knowledge and\n   the development of new
  analysis tools. He is interested in reverse\n   engineering and vulnerabi
 lity research and has published several\n   zero-day vulnerabilities\, not
  only in the context of SAP.\n\n   Description:\n   Imagine pentesting a l
 arge web application with hundreds of pages and\n   forms\, as well as use
 r roles and tenants. You discover that your\n   chosen username is reflect
 ed in many locations inside the application\,\n   but you don't have a det
 ailed overview. You want to test whether the\n   chosen username is handle
 d properly or allows for injection attacks\,\n   such as Cross-Site Script
 ing or Server-Site Template Injection. Now\n   you face the challenge of f
 inding all locations where your payloads\n   appear when injecting into th
 e username. In large applications\, you'll\n   likely miss some\, potentia
 lly leaving vulnerabilities undetected. This\n   is where FlowMate comes i
 nto play\, our novel tool to detect data flows\n   in applications for enh
 anced vulnerability assessments. FlowMate\n   consists of two components: 
 A BurpSuite plugin and a data flow graph\n   based on Neo4j. It records in
 puts to the application as you go through\n   the pages exploring the appl
 ication and searches for occurrences of\n   the captured inputs in the res
 ponses. This results in a graph that can\n   be visualized and searched fo
 r parameters of interest and where\n   they're occurring on the site. Unde
 rstanding the data flows of an\n   application helps to significantly impr
 ove the test coverage and bring\n   your pentesting to the next level.\n  
  '\n\n   1. #CaesarsSummitBR\n\n\n
DTEND:20230811T205500Z
DTSTART:20230811T190000Z
LOCATION:DL - Caesars Forum - Society Boardroom - Demo Labs
SUMMARY:FlowMate
END:VEVENT
END:VCALENDAR