Build & maintain complex distributed systems
October 1–2, 2017: Training
October 2–4, 2017: Tutorials & Conference
New York, NY

Struts 2, Equifax, and you: The story of the worst breach in history (sponsored by Contrast Security)

Arshan Dabirsiaghi (Contrast Security)
3:50pm–4:30pm Tuesday, October 3, 2017
Location: Murray Hill East B
Average rating: 4.50 (2 ratings)

What you'll learn

  • Explore lessons learned from the Struts 2 exploit
  • Discover how to stop the next attack against your production apps


A flaw in the widely used Apache Struts 2 framework was disclosed by Apache on March 6. An exploit of that vulnerability was released on March 7, leading to a breach at Equifax that exposed the data of as many as 143 million US consumers.

If you run web applications on the internet, then you most certainly have been (or are still being) probed. The team at Contrast Security continues to see exploit attempts from all over the world. Arshan Dabirsiaghi explains what Contrast Security learned from the Struts 2 exploit and details how to stop the next attack against your production apps. Arshan shares the inside scoop on how the company found, triaged, and shielded itself (and its customers) against Struts 2 attacks—all with no downtime.

This session is sponsored by Contrast Security.

Arshan Dabirsiaghi

Contrast Security

Arshan Dabirsiaghi is chief scientist at Contrast Security, where he draws on experience to guide the product line, drive new products and features, and spread the gospel about binary instrumentation. Arshan is an accomplished security researcher with over 10 years of experience advising large organizations on application security. Previously, Arshan held a research role at Aspect Security, where he used static and dynamic technology to perform security assurance work, including code reviews, architecture reviews, and penetration testing. Arshan quickly discovered that securing applications was a massive undertaking—one that requires innovative, deeply accurate technology and continuous testing.