This talk contain code that may offend the sensibilities
of the most crafters.
@JulienTopcu
Welcome to Pangloss !
"all is for the best in the best of all possible worlds"
@JulienTopcu
@JulienTopcu
Julien Topçu
Sr Technical Leader
beyondxscratch.com
julien.topcu@owasp.org
How to get properly h4ck3d!
@JulienTopcu
@JulienTopcu
' OR '1'='1' LIMIT 1 --
HRE
@JulienTopcu
Human Readable Encoding
a.k.a clear-text
@JulienTopcu
@JulienTopcu
Dear Pangloss user,
We are really happy to offer you a 80% discount!!!
This is a limited offer, don't loose any time and visit this link!
@JulienTopcu
VanderdendurBank
Salary +1759
Ashley Madison -169
Pangloss Order -1000000
Balance -997 904
😱
🤔
😏
🤑
@JulienTopcu
Injection
Broken Authentication
Sensitive data exposure
XML External Entities (XXE)
Broken Access Control
Security misconfigurations
Cross Site Scripting (XSS)
Insecure Deserialization
Using Components with known vulnerabilities
Insufficient logging and monitoring
Hackers-proof software
in 20 minutes
@JulienTopcu
😈
@JulienTopcu
Thank you!
GitLab Repository
Keeping your secrets
@JulienTopcu
@JulienTopcu
Vulnerabilities in third-parties
How to get properly hacked!
By Julien Topçu
How to get properly hacked!
Yet another leak of credit card numbers on the internet! https://www.infoq.com/news/2018/11/british-airways-data-breach It is scary isn't it? But wait a minute! What are we doing to make sure our application is actually secured? During this live-coding and live-hacking session, discover the most common mistakes in software developement leading to security vulnerabilities, that the vast majority of us do without even knowing it! After that, you will not see your application in the same way ...
