Ben Kofman
Ben is a Senior Offensive Security Engineer at Praetorian, specializing in advanced product and application penetration testing, network security assessments, and automation. He has a bachelor's degree in Systems Engineering from the University of Illinois at Urbana-Champaign and several industry certifications, including the OSCP, GCIA, GMOB, and AWS Solutions Architect Associate. Ben also serves as a Cyber Warfare Officer in the Army National Guard.
Session
What comes to mind when you hear "SaaS data platform"? It's a term that's so common you can make a drinking game out of it. From Customer Data Platforms, Transformation, AI/ML, Warehousing, and Analytics - the list of services these products accomplish never ends. However, one thing is sure - the amount of user and enterprise data these applications process is enormous, especially when adopted by large enterprises. As a Security Engineer focused on advanced product assessments, I have evaluated several prominent SaaS data platforms. Due to their complexity and the sensitivity of the data they process, these products are often vulnerable to intriguing high-risk security issues.
This talk will discuss four common pitfalls in these products' architecture and logic that can expose their customers' critical data. Whether you are new to the industry, a seasoned veteran, or a CISO, you will learn about these modern technologies and how to approach them during a penetration test. As a customer of these products, you will understand the importance of due diligence and confirming that your vendors have received independent security assessments. And as an everyday consumer, you will recognize the risks of companies over-collecting and sharing your data.