This talk contain code that may offend the sensibilities 
of the most crafters.

@JulienTopcu

Welcome to Pangloss !

"all is for the best in the best of all possible worlds"

@JulienTopcu

@JulienTopcu

Julien Topçu

Sr Technical Leader

beyondxscratch.com

julien.topcu@owasp.org

How to get properly h4ck3d!

@JulienTopcu

@JulienTopcu

' OR '1'='1' LIMIT 1 --

HRE

@JulienTopcu

Human Readable Encoding

a.k.a clear-text

@JulienTopcu

Hash Gen

Rainbow Table

@JulienTopcu

Dear Pangloss user,


We are really happy to offer you a 80% discount!!!

 

This is a limited offer, don't loose any time and visit this link!

@JulienTopcu

VanderdendurBank

Salary                                             +1759


Ashley Madison                             -169

Pangloss Order                    -1000000
 

Balance                                   -997 904

😱

🤔

😏

🤑

TOP 10:2017

@JulienTopcu

Injection

Broken Authentication

Sensitive data exposure

XML External Entities (XXE)

Broken Access Control

Security misconfigurations

Cross Site Scripting (XSS)

Insecure Deserialization

Using Components with known vulnerabilities

Insufficient logging and monitoring

Hackers-proof software

in 20 minutes

@JulienTopcu

😈

@JulienTopcu

Thank you!

GitLab Repository

Keeping your secrets

@JulienTopcu

@JulienTopcu

Vulnerabilities in third-parties