Matko Antun Bekavac
Security Consultant
Velika Gorica, Croatia
Matko Antun Bekavac works primarily on eCommerce platforms, with a strong focus on applied cybersecurity. Earlier in his career, he was introduced to security work through military intelligence, an influence that continues to shape his approach to identifying and mitigating real-world threats.
Topics
Harvest Now, Decrypt Later: Architecting for the Day Encryption Fails
Most organizations treat encryption as a "set it and forget it" security layer. But in the shadows of the quantum transition, adversaries are currently harvesting massive amounts of encrypted data with one goal: waiting for the hardware to catch up. This is the "Harvest Now, Decrypt Later" (HNDL) threat, and it’s a ticking time bomb for any data with a shelf life longer than five years.
BitB: How 2FA Can Be Phished Without Domain Spoofing
Browser-in-the-Browser (BitB) attacks are an evolution of phishing techniques that use realistic fake browser windows to harvest credentials and second-factor codes in real time. Unlike traditional phishing, BitB doesn’t redirect the user away from the legitimate domain; instead it simulates a login popup inside the browser page, making detection by users and some security controls more difficult. This presentation will demystify the mechanics, demonstrate a simple, practical proof of concept, and present actionable defenses.
The "Kill-Switch" Architecture: Designing for Graceful Failure
In a world of supply chain attacks and zero-day exploits, "unhackable" is a lie. The only pragmatic goal is Controlled Collapse. If your app or a part of your organization is compromised, can you sever the connection without killing the business?
Security vs. Marketing: Engineering the Peace Treaty
Security wants zero access; Marketing wants zero friction. Usually, they end up killing each other—and the conversion rate. Security blocks the third-party tracking pixels that Marketing needs, while Marketing accidentally opens backdoors with "shadow" MarTech tools.
How I Accidentally Hijacked a Session
I opened a site and I was logged in as someone else. It’s not a hack; it’s a systemic failure of high-performance infrastructure. This talk deconstructs the architectural physics of Cache Poisoning and Session Leakage—where CDNs and load balancers mistakenly serve private data to the public.
We’ll analyze how misconfigured performance features turn into catastrophic PII leaks under load, and how to ensure your next traffic spike doesn't become a GDPR nightmare.
The eCommerce Skimmer
It started with a phone call: "Our marketing team is reporting successful orders, but our payment gateway shows zero transactions."
The checkout looked perfect. The logs showed nothing. Yet, transactions were vanishing into thin air.
This talk is a technical post-mortem of a Magecart-style checkout hijacking. I’ll walk you through the "Live Fire" incident response and how it could have been avoided.