Presentation Archives - David Petrasovic

Efail Opening Slide

Efail Presentation

By | | No Comments

Efail is an attack that can decrypt PGP (Pretty Good Privacy) encrypted emails without the private key or knowing the passphrase. The talk was presented at OWASP at Shopify.

This was also a challenge for a CTF (Capture The Flag) by Hack All The Things. A sample of the exploit can be found on GitHub

View Slides

Hash Length Extension Attack Presentation

HLEA Presentation

By | | No Comments

What is a Hash Length Extension Attack? This is what I aimed to answer with talk. It goes into as much detail as is required to understand the concept. The talk was presented at OWASP at Shopify as well as at Nokia.

View Slides

NodeJS Security Best Practices

By | | No Comments

NodeJS Security Best Practices is a talk that I have done at OWASP Ottawa, OWASP Kanata and OttawaJS. It is intended to be digestible and impactful for both entry level and seasoned NodeJS developers as well as the wider security community. The talk includes justifications and examples for why it is important to do some of the practices where the reasoning may not be obvious (such as setting HTTP headers to prevent clickjacking).

View Slides