Hacker-Powered Data: The Most Common Security Weaknesses and How to Avoid Them :: Rochester Security Summit

Hacker-Powered Data: The Most Common Security Weaknesses and How to Avoid Them

Presented by Miju Han

Security teams often see a deluge of incoming vulnerabilities from scanners, pen tests, and bug bounty programs. Using eight years of never-before-seen data from 1,800+ bug bounty programs and over 160,000 valid vulnerabilities found, this talk offers a focus for security teams based on analysis of what hackers actually exploit in the wild and what companies actually value. Attendees will discover common weaknesses such as Violation of Secure Design Principles, Information Disclosure, Denial of Service, VPN and Cryptographic Issues, and how attackers could exploit these prevalent vulnerabilities. Walk away with insights into the most common security weaknesses to better defend against them.

Miju Han

Miju Han is the Director of Product Management at HackerOne, the #1 hacker-powered security platform, where she leads a team of product managers, data scientists, and engineers to build and launch practical and actionable tooling for security teams. With a background in both data and security, Miju has a keen eye for spotting increased efficiency and automation in modern security practices. Miju previously served as a Director of Product at GitHub, where she pitched and launched security alerts on top of the dependency graph, one of the first large-scale efforts to embed security best practices into core development tooling. GitHub’s security alerts won a 2018 technology of the year award from InfoWorld, and more importantly, have led to the patching of almost ten million vulnerabilities. Miju began her career working on data science at content platforms such as YouTube, Beats Music/Apple, and TuneIn.