Speaker

Ori Ron

Senior Security Researcher, Checkmarx

Tel Aviv, Israel

Ori Ron is a Senior Security Researcher at Checkmarx with over 9 years of experience in vulnerability research and secure coding practices. He’s passionate about breaking down complex security topics and making them accessible to developers and researchers alike. Ori enjoys sharing knowledge through talks, workshops, and hands-on content.
When he’s not hunting vulnerabilities, you’ll likely find him fine-tuning a 3D print or prototyping his next DIY project.

Area of Expertise

  • Information & Communications Technology

Topics

  • Application Security

When Regulation Backfires: How a Vulnerable Plugin Led to an XSS Pandemic

What began as a simple WAF bypass challenge on a single website turned into the discovery of a vulnerability affecting thousands of organizations. Join us on the journey of how an accessibility plugin, mandated by regulation, became the perfect vehicle for a widespread XSS vulnerability. We’ll explore the real-world impact on compromised sensitive systems, from government and military to healthcare and finance, showing how a single regulatory requirement led to an ecosystem-wide security breach.

We’ll also analyze the plugin’s source code to understand how and why this XSS vulnerability occurs, along with a behavior analysis that suggests the plugin may also be tracking users without consent, indicating potential malicious intent. Additionally, we’ll share the methodology and tools used to uncover and validate these vulnerabilities at scale.

Injecting and Detecting Backdoors in Code Completion Models

Immerse yourself in a workshop where we guide participants in creating a covert trojan within code completion models. Learn to inject a backdoor discreetly, then explore detection techniques. Gain hands-on experience crafting and identifying hidden threats, unveiling the underbelly of trusted coding.

Activity: Hacking Developers’ Trust – Faking GitHub Contribution by Checkmarx

Join us for a revealing exploration of open-source trust and its vulnerabilities. In this captivating activity, we will delve into the fascinating world of developer credibility and the unsettling phenomenon of faking GitHub contributions. With open source becoming an integral part of software development, we find ourselves relying on strangers to provide us with code. Trust is often based on factors like the number of stars on a package or the credibility of the package’s maintainer on GitHub. However, what if I told you that all of this could be convincingly spoofed?

AppSec Village - DC32 Sessionize Event

August 2024 Las Vegas, Nevada, United States
