Ira Cherkes Levinshteyn

Senior Software Engineer, Synopsys.

Reẖovot, Israel

Ira is a senior software engineer working on Seeker, the Interactive Application Security Testing solution from Synopsys.

Ira's experience is diverse: she has a BA in Computer Science, a BSc in Biochemistry, and an MSc in Quantum Mechanics, and she is now back in the cybersecurity field at Synopsys.

In her day job she uses instrumentation in Java to help developers secure their applications.

She is also a mentor for women in tech, and when she isn’t coding or mentoring, she enjoys taking her family on challenging hikes and climbs.

Area of Expertise

  • Physical & Life Sciences

Topics

  • Java
  • Instrumentation
  • AppSec

Using JWT safely: the do's and don'ts

JSON Web Tokens (JWTs) have become widely used in authentication processes to transfer information in JSON format while ensuring data integrity. However, merely using a JWT is not enough to ensure your information is handled securely. Because the format is so simple, it is common to weaken the configuration or misuse the data that is sent, building a vulnerable application while believing it is perfectly secure.

In this talk you will learn what a JWT is and how to avoid common security mistakes when using it. We will discuss proper validation of the tokens, settings that disable the JWT signature and should be avoided, and what information should not be sent when creating a JWT.

How could a simple log message cause a huge mess? Log4Shell explained

In December 2021, the Java world was rocked by the discovery that the log4j framework contains a remote code execution vulnerability. How could a simple logging operation allow an attacker to execute code on your server and do virtually anything they like?

This talk will explain the Log4Shell vulnerability and the mechanism that turns a log message into code execution. The talk will also cover important security concepts that you can use in the future to secure your applications.

Java code instrumentation for beginners

Curious about how profilers can estimate the time spent in each method or follow memory allocations?
One of the most common ways is to use instrumentation. Instrumentation is the addition of functionality to code for the purpose of gathering data. Profilers inject code into the software under test and extract information for performance analysis. Agents and event loggers also use this strategy.
In this workshop we will go over the basics of JVM, Java bytecode, Java agents, and code instrumentation. By using the Java Instrumentation API, we will build a simple “profiler” that counts the number of times a particular method was invoked. You will learn how to inject code into a Java application and follow the path of the instrumentation to see in detail the way it works.

Basic knowledge of Java is required.

Code for the exercise can be found here: https://github.com/irachle/JavaInstrumentationWorkshop

A workshop of 2 hours where attendees write a simple profiler that counts the number of times a particular method was invoked and then use the profiler to solve riddles.
