Managing Digital Codesigning Identities in an Engineering Company

DEF CON 24

Presented by: Evgeny Sidorov, Eldar Zaitov
Date: Sunday August 07, 2016
Time: 11:30 - 12:00
Location: Crypto and Privacy Village

If your company develops mobile or desktop apps, you probably know that in the modern world they should be digitally signed. When you try to solve the problem of code signing in big environments, you'll face a lot of difficulties: signing key access management (especially in Continuous Integration), malware signing prevention, and pitfalls like SHA-1 deprecation. We successfully implemented a custom CodeSigning-As-A-Service solution capable of signing executables running on Android, iOS, Windows (usermode code, kernel drivers, installation packages, etc.), Java apps and applets, and solving all the mentioned problems.

Evgeny Sidorov

Evgeny Sidorov is an Information Security Officer at the major Russian search engine company Yandex. Evgeny works in the Application Security Engineering Team and is responsible for developing and embedding various defence techniques in web and mobile applications. He finished his Master's degree in applied mathematics at the Institute of Cryptography, Telecommunications and Computer Science of Moscow.

Eldar Zaitov

Formerly a software engineer, Eldar Zaitov switched to information security in 2010 and did pentesting for major Russian banks and companies. He was one of the initial members of the CTF team More Smoked Leet Chicken and participated in DEF CON CTF finals. In 2012 he joined the Application Security Engineering Team at Yandex. He has presented some information security talks at ZeroNights and YaC. Eldar is a maintainer of CTFtime.org.

