This talk contain code that may offend the sensibilities 
of the most crafters.

@JulienTopcu

Welcome to Pangloss !

"all is for the best in the best of all possible worlds"

@JulienTopcu

@JulienTopcu

Julien Topçu

Sr Technical Leader

beyondxscratch.com

julien.topcu@owasp.org

How to get properly h4ck3d!

@JulienTopcu

@JulienTopcu

' OR '1'='1' LIMIT 1 --

HRE

@JulienTopcu

Human Readable Encoding

a.k.a clear-text

@JulienTopcu

@JulienTopcu

Dear Pangloss user,


We are really happy to offer you a 80% discount!!!

 

This is a limited offer, don't loose any time and visit this link!

@JulienTopcu

VanderdendurBank

Salary                                             +1759


Ashley Madison                             -169

Pangloss Order                    -1000000
 

Balance                                   -997 904

😱

🤔

😏

🤑

@JulienTopcu

Injection

Broken Authentication

Sensitive data exposure

XML External Entities (XXE)

Broken Access Control

Security misconfigurations

Cross Site Scripting (XSS)

Insecure Deserialization

Using Components with known vulnerabilities

Insufficient logging and monitoring

Hackers-proof software

in 20 minutes

@JulienTopcu

😈

@JulienTopcu

Thank you!

GitLab Repository

Keeping your secrets

@JulienTopcu

@JulienTopcu

Vulnerabilities in third-parties

How to get properly hacked!

By Julien Topçu

How to get properly hacked!

Yet another leak of credit card numbers on the internet! https://www.infoq.com/news/2018/11/british-airways-data-breach It is scary isn't it? But wait a minute! What are we doing to make sure our application is actually secured? During this live-coding and live-hacking session, discover the most common mistakes in software developement leading to security vulnerabilities, that the vast majority of us do without even knowing it! After that, you will not see your application in the same way ...

  • 1,661