10 am, AEDT, BST & CT

OpenSSL deep dive: The good, the bad, and the not-so-ugly

On October 25, OpenSSL notified users that it had found two new vulnerabilities in OpenSSL 3.0.0 through 3.0.6. One of these was apparently “critical” – the same level as the notorious Heartbleed flaw of 2014.

That captured everyone’s attention because Heartbleed affected many high-profile organizations, could compromise encrypted information of all kinds, and actually showed up in the wild. It was bad.

But by November 1, when OpenSSL released its version 3.0.7 fix, it more clearly understood the two new vulnerabilities and downgraded them to “high” severity.



Join Invicti Distinguished Architect Dan Murphy and Invicti CTO and Head of Security Research Frank Catucci as they aim to answer that question, as well as show how attackers might try to exploit OpenSSL vulnerabilities, and why they probably can’t.

You will also learn:

  • What OpenSSL is and where it is used
  • Its adoption rate, strengths, and weaknesses
  • How the vulnerability can be exploited and mitigated

While these specific OpenSSL vulnerabilities turned out to be less dangerous than initially thought, there is no guarantee that a Heartbleed-level vulnerability won’t happen again. Join the webinar to be better prepared for the next big open-source vulnerability.

Enter the Draw

Invicti delivers on the promise of AppSec with Zero Noise. In addition to learning how to do AppSec with Zero Noise, we are offering a set of Bose noise-canceling headphones to a lucky webinar participant. All you need to do is attend the live webinar until the end to go into the draw to win the prize.

T&C’s apply


Dan Murphy

Distinguished Architect

Dan Murphy has 20+ years of experience in the security space, specializing in web security, distributed systems, and software architecture. As a Distinguished Architect at Invicti, his focus is on ensuring that Invicti products across the entire organization work together to provide a scalable, performant, and secure dynamic analysis experience.


Frank Catucci

CTO and Head of Security Research

Frank Catucci is a global application security technical leader with over 20 years of experience designing scalable, application-security-specific architecture and partnering with cross-functional engineering and product teams. Frank is a past OWASP Chapter President and contributor to the OWASP bug bounty initiative, and most recently was the Head of Application & Product Security at DataRobot. Prior to that role, Frank was the Sr. Director of Application Security & DevSecOps and Security Researcher at Gartner, and also the Director of Application Security for Qualys.