Yuval Moravchick
Yuval Moravchick is the Application Security Research Team Leader at Cato Networks. With over 10 years of technical experience in the cybersecurity industry, Yuval has built and led security teams at various organizations. He specializes in penetration testing, security research, and the development of offensive security tools. Before joining Cato Networks, Yuval held roles at Wix.com and ControlUp, where he led an application security research team, detected 0-day bugs, and managed SSDLC activities. Prior to joining Wix.com and ControlUp, Yuval honed his expertise at BugSec, where he managed a team of skilled penetration testers, conducted red team simulations, and developed malware. Yuval holds a B.Sc. in Industrial & Management Engineering and has several industry certifications, including Offensive Security Certified Professional (OSCP) and Offensive Security Web Expert (OSWE).
Session
File upload vulnerabilities in cloud-native environments can have catastrophic consequences far beyond their perceived low severity. This session exposes a major flaw in Streamlit’s st.file_uploader widget, demonstrating a real-world exploit chain from bypassing client-side checks to gaining persistent access, manipulating cloud roles, and tampering with live data dashboards. Learn why trusting frontend logic is dangerous and how open-source misconfigurations become high-impact attack surfaces.