Alexander Pirker

101 Typical Security Pitfalls

A number like 257 silently becomes 1, breaking your cryptography and leaking secrets. Discover the subtle dangers of implicit type casting.

101 Typical Security Pitfalls
#1about 3 minutes

Defining the context of application security

Security is not absolute and must be evaluated based on the application type, environment, data sensitivity, and performance constraints.

#2about 2 minutes

Understanding the impact of major vulnerabilities

Recent widespread vulnerabilities like Log4Shell and Spring4Shell demonstrate the critical need for proactive security in software development.

#3about 3 minutes

Preventing XSS by sanitizing on the backend

Client-side input sanitization is easily bypassed, so all user-provided data must be sanitized on the backend to prevent XSS attacks.

#4about 4 minutes

Preventing remote code execution from poor input validation

Failing to validate input parameters against an allowlist can lead to command injection, allowing an attacker to open a reverse shell.

#5about 4 minutes

Preventing denial of service attacks from service crashes

Supplying malformed data, like a public key of the wrong length, can trigger a panic in a library and cause a denial-of-service attack.

#6about 4 minutes

How data type downcasting can break cryptography

Implicitly downcasting a larger integer to a smaller type like a byte can lead to information leakage by causing index collisions.

#7about 4 minutes

Preventing information leakage from out-of-bounds memory reads

Failing to validate the length parameter in a memory copy operation can lead to an out-of-bounds read, leaking sensitive stack memory.

#8about 3 minutes

Four key principles for writing secure code

Developers should prioritize input data sanitation, careful data type selection, proper memory management, and graceful error handling.

#9about 1 minute

Q&A on common pitfalls and sanitization tools

The most common security pitfall is XSS from frontend bypasses, and DOMPurify is a recommended tool for HTML sanitization.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Prompt injection as an unsolved AI security problem
07:39 MIN

Prompt injection as an unsolved AI security problem

AI in the Open and in Browsers - Tarek Ziadé

The future of cURL security without a bounty program
08:00 MIN

The future of cURL security without a bounty program

Don’t Insert Crazy! On cURL and AI Slop - Daniel Stenberg

Preventing exposed API keys in AI-assisted development
03:45 MIN

Preventing exposed API keys in AI-assisted development

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

Understanding the problem of AI-generated "slop" reports
04:04 MIN

Understanding the problem of AI-generated "slop" reports

Don’t Insert Crazy! On cURL and AI Slop - Daniel Stenberg

Malware campaigns, cloud latency, and government IT theft
01:06 MIN

Malware campaigns, cloud latency, and government IT theft

Fake or News: Self-Driving Cars on Subscription, Crypto Attacks Rising and Working While You Sleep - Théodore Lefèvre

Comparing the security models of browsers and native apps
05:01 MIN

Comparing the security models of browsers and native apps

Developer Time Is Valuable - Use the Right Tools - Kilian Valkhof

The industry's focus on frameworks over web fundamentals
11:32 MIN

The industry's focus on frameworks over web fundamentals

WeAreDevelopers LIVE – Frontend Inspirations, Web Standards and more

The security risks of AI-generated code and slopsquatting
05:55 MIN

The security risks of AI-generated code and slopsquatting

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

Featured Partners

Related Videos

See all videos
Programming secure C#/.NET Applications: Dos & Don'ts33:29

Programming secure C#/.NET Applications: Dos & Don'ts

Sebastian Leuer

Cross Site Scripting is yesterday's news, isn't it?30:54

Cross Site Scripting is yesterday's news, isn't it?

Martina Kraus

Security Pitfalls for Software Engineers27:32

Security Pitfalls for Software Engineers

Jasmin Azemović

Security in modern Web Applications - OWASP to the rescue!26:59

Security in modern Web Applications - OWASP to the rescue!

Jakub Andrzejewski

Vulnerable VS Code extensions are now at your front door44:11

Vulnerable VS Code extensions are now at your front door

Raul Onitza-Klugman & Kirill Efimov

You click, you lose: a practical look at VSCode's security29:47

You click, you lose: a practical look at VSCode's security

Thomas Chauchefoin & Paul Gerste

Hack-Proof The Node.js runtime: The Mechanics and Defense of Path Traversal Attacks27:10

Hack-Proof The Node.js runtime: The Mechanics and Defense of Path Traversal Attacks

Sonya Moisset

Typed Security: Preventing Vulnerabilities By Design58:19

Typed Security: Preventing Vulnerabilities By Design

Michael Koppmann

Related Articles

View all articles
DC
Daniel Cranney
Dev Digest 198: 30 years of JS, In-Browser AI, How Attackers Abuse GenAI
Inside last week’s Dev Digest 198 . 🎂 30 years of JavaScript ⏰ How long is a JavaScript second 💻 Clean code in Angular 🤦‍♂️ AI makes different mistakes than humans 👨‍💻 In-browser and offline AI 🟠 Undocumented Hacker News features 🐋 DeepSeek censored...
Dev Digest 198: 30 years of JS, In-Browser AI, How Attackers Abuse GenAI
CH
Chris Heilmann
Dev Digest 151: SEO in an AI world, security fixes and Doomed PDFs
Inside last week’s Dev Digest 151 . 🔎 How ChatGPT compares to search and what that means for SEO ✂️ Job cuts across the board as companies curb DEI programs 🟨 @Microsoft releases 161 Windows security updates ⚠️ @Google’s OAuth bug endangers million...
Dev Digest 151: SEO in an AI world, security fixes and Doomed PDFs
CH
Chris Heilmann
Dev Digest 138 - Are you secure about this?
Hello there! This is the 2nd "out of the can" edition of 3 as I am on vacation in Greece eating lovely things on the beach. So, fewer news, but lots of great resources. Many around the topic of security. Enjoy! News and ArticlesGoogle Pixel phones t...
Dev Digest 138 - Are you secure about this?
DC
Daniel Cranney
Understanding and Mitigating Common Web Vulnerabilities
Vulnerabilities exist in many forms on the web, and attackers continue to find creative ways to exploit them. Technological advances like the proliferation of AI are of course exciting nd filled with opportunities, they equally present opportunities ...
Understanding and Mitigating Common Web Vulnerabilities

From learning to earning

Jobs that call for the skills explored in this talk.