Security and development teams often work in silos, but collaboration is essential for building secure products from the start.
The workshop covers a range of vulnerabilities from classic SQL injection and XSS to modern threats like template and AI prompt injection.
Server-Side Request Forgery (SSRF) is a critical vulnerability in cloud-native applications that can allow attackers to access sensitive metadata servers.
Attackers can cause a denial-of-service by bloating JSON Web Tokens (JWTs) in cookies to overwhelm and bottleneck backend authentication systems.
A hands-on demonstration shows how a command injection in a file export feature can be used to execute arbitrary commands on the server.
The pressure to ship features quickly leads to half-baked products and a culture where security is treated as an afterthought, creating significant risk.
Developers can prevent vulnerabilities by moving away from "magical thinking" about libraries and actively breaking their own code to find flaws early.
A real-world example illustrates the common but dangerous practice of committing secrets to git and sharing passwords in plain text files.
A financial institution's policy of monthly password rotation led to users adopting a simple, predictable pattern that defeated the security measure entirely.
Bitpanda
Vienna, Austria
tree-IT GmbH
Bad Neustadt an der Saale, Germany
24:01Jackie
2:08:06Antonio de Mello & Amine Abed
28:41Alexander Pirker
58:19Michael Koppmann
26:59Jakub Andrzejewski
27:32Jasmin Azemović
29:47Thomas Chauchefoin & Paul Gerste
42:55Feross Aboukhadijeh
Jobs that call for the skills explored in this talk.
Data Gmbh
Hallbergmoos, Germany
Punk Security Ltd.
