Micah Parks started his professional career about six years ago in the National Security Agency. After moving to the private sector, Micah has continued to work as a security minded software engineer. He has created and maintains multiple open source projects, with the most popular one involving JSON Web Key Sets, used by thousands of other projects including those from Google, Microsoft, Nvidia, Nintendo, ByteDance, and various governments and telecom providers. He also runs a small, niche, SaaS platform and always has a side project or two going.
Reverse Engineering for Dummies: The “what if?” user (<– add to your schedule)
When developing a product, software engineers often discuss the “what if?” user. What if a user builds their own frontend client? What if a user finds that embedded API key? What if a user notices that endpoint doesn’t have authorization? This talk has three real-life examples from the speaker’s perspective as the “what if?” user. Each example will delve into the motivation, the security flaws reverse engineered, and how to improve the security of each product. This talk will cover reverse engineering assets from an Android game, a waitlist to buy exercise equipment, and a Publish Subscribe system for an auction house. This talk aims to generate interest in identifying software design flaws and reverse engineering them, as well as helping teach about common security issues and practical methods of fixing them.