Registration Now Open for VK Security Confab: AppSec Meetup in St. Petersburg

Starting in July, we invite application security experts, developers, and independent researchers to the summer VK Security Confab, which will be held in St. Petersburg this time. During the AppSec meetup, we will discuss new approaches, technologies, and relevant case studies: the security of CI/CD and its importance for modern businesses, automation of finding classic vulnerabilities from the OWASP Top 10, the peculiarities of the modern HTTP/2 protocol, as well as techniques for bypassing PoS.

The agenda includes:

🔹 Hardening GitLab: Insights from VK
Dmitry Zemlyakov, an information security specialist (VK), will address the main security challenges of CI/CD within Big Tech, discussing tools and configuration requirements for GitLab projects and instances based on VK’s experiences.

🔹 Automating IDOR Detection with DAST
Andrey Kan, Lead Information Security Engineer (Ozon Fintech), will share insights on automating IDOR detection using DAST, including the approach, technical solutions, and the challenges faced.

🔹 Single Packet Attack: A New Method for Race Condition
Nikita Raspopov, Senior Specialist (VK), will examine the Single Packet Race Condition attack: its causes in HTTP/2, real cases involving Account Takeover (ATO), and techniques for identifying such vulnerabilities.

🔹 100,000 Shades of JS: From DoS to Money Theft
Vsevolod Kokorin, Information Security Researcher (SolidLab), will present examples from Bug Bounty attacks that enabled the circumvention of PoS mechanisms through DoS, along with an analysis of NodeJS architecture and the Shardeum blockchain.

Following the presentations, there will be a lively afterparty on one of the most beautiful rooftops in St. Petersburg.

Participation is free, but it’s essential to register.

Let’s meet on July 3rd at 7:00 PM at VK’s office «By the Red Bridge,» located at: St. Petersburg, Naberezhnaya reki Moyki St., 73.

Guest arrival begins at 6:00 PM.