NorthSec 2021

Dolev Farhi

Dolev is a security engineer and author with extensive experience leading security engineering teams in complex environments and scale in the Fintech and cyber security industries. Currently, he is the Principal Security Engineer at Wealthsimple, building defences for one of the fastest Fintech companies in North America.

Dolev has previously worked for several security firms and provided training for official Linux certification tracks. He is one of the founders of DEFCON Toronto (DC416), a popular Toronto-based hacker group. In his spare time, he enjoys researching vulnerabilities in IoT devices, participating and building CTF challenges and contributing exploits to Exploit-DB.

The speaker's profile picture

What is your title?

Principal Security Engineer

What is your company/affiliation(s)?

Wealthsimple

LinkedIn profile (full URL)

https://www.linkedin.com/in/dolevfarhi/


Sessions

05-20
11:25
40min
Application security
Laurent Desaulniers, Indiana Moreau, Dolev Farhi, Mitchell Cohen, Mansi Sheth

Q&A and discussion for the malware block, hosted and moderated by Laurent Desaulniers Questions will be gathered from the audience during the four prior talks.

Appsec
Main stream
05-20
10:50
30min
Damn GraphQL - Attacking and Defending APIs
Dolev Farhi

Security teams are in a never ending race against new uprising technologies. Often, these technologies are not secure by default and require deep research to defend them, ain order to succeed in balancing technology adoption with security.

The challenge with new technologies is that the security knowledge and tooling may not be as mature as with older technologies. This talk will provide insight into GraphQL, a REST API alternative and focus on how to run security tests against it, as well as defend against the various possible attack vectors.

Appsec
Main stream