SESSION + Live Q&A
This Will Cut You: Go's Sharper Edges
An expression of function within a software ecosystem is inextricably bound to the lexicon used to express it. I explore how distinct, exploitable misuse patterns arise in software languages, and through example in Go – in particular a quietly prevalent and worryingly effective denial of service attack on Go systems affecting the Go toolchain itself – hope to begin greater discourse on the language's distinct security characteristics.
Speaker
Thomas Shadwell
Security Engineer @Twitch
I am an application security engineer at Twitch. I'm best known for breaking things I like using including reporting 120 vulnerabilities in Steam, breaking Steam's login encryption or getting XSS, then remote code execution in Mr Robot's website. Breaking what I like using is also how I ended up...
Read moreFind Thomas Shadwell at:
Location
St James, 4th flr.
Track
Security: Lessons Learned From Being Pwned
Topics
SecurityTwitchGo*-langShare
From the same track
How to Backdoor Invulnerable Code
It is easy to think that securing a product relies on writing code without vulnerabilities and it's true that this is a very important aspect, but a secure product relies on more than just the code written. To an attacker every aspect involved in the development process, from the human element to...
Josh Schwartz
Director of Offensive Security @Salesforce
Building Secure Player Experiences At Riot Games
In this talk, David will give you an overview of the Riot Games Application Security program. The talk will focus on the tech and social aspects of the program and why David feels both are important when it comes to writing secure code. Specifically David will talk about how we define Application...
David Rook
Head of Application Security @RiotGames
Out of the Browser Into the Fire
Authors: Shubs Shah, Matt Bryant, and Joe DeMesy The evolution of the web has blurred the line between traditional web applications and native clients. In an effort to allow web developers to build powerful desktop applications quickly, web technologies have been put into standalone...
Joe DeMesy
Security Associate @BishopFox
Making the Most out of a Bad Day as a Developer
You know how it goes. There is always someone that finds out how to break all the hard work you and your team have put in developing a kick-ass application. Nobody likes to receive security bug reports but they are a reality we have to deal with. Penetration testers, bug bounty programs,...
Wim Remes
CEO/Principal Consultant @NRJSecurity & Board Member (ISC)²