Wild West of Conference Apps Security
Most conference apps are developed by outsourced third-party firms, which means that these apps may not be as secure as you would think they would be. We took this hypothesis and tested out a few thousand conference apps built by third-party firms for data leakage to see what kind of PII/sensitive data we could extract.
In this talk I want to go over methodology of testing, what was found , how (not)difficult it was to find them, and measures teams can take to decrease exposure. I want to take this opportunity to call out to security teams to dedicate resources to securing their conference apps.