
OWASP BeNeLux Day 2017

Talks

Common REST API security pitfalls

The shift towards a REST API landscape indicates a significant evolution in the way we build applications. The rise of JavaScript and mobile applications have sparked an explosion of easily-accessible REST APIs. But how do you protect access to yo...

Philippe De Ryck

How to spend $3.6mil on one coding mistake

In a recent global study, the average cost of a data breach is $3.62M globally. This session will discuss infamous examples of data breaches that have made headlines around the world. We will explore the technical details of the vulnerability itsel...

Matias Madou

Exploring the ecosystem of malicious domain registrations in the .eu TLD

In this talk, we report on an extensive analysis of 14 months of domain registration in the .eu TLD. The purpose is to identify large-scale malicious campaigns. Overall, the dataset of this study contains 824,121 new domain registrations; 2.53% of...

Lieven Desmet

Creating An AppSec Pipeline With Containers In A Week

Join us on our adventure of setting up an appsec pipeline with Docker containers. What went wrong, and how did we succeed? How do you fight false positives, and how do you get the best out of the products out there without bothering the development te...

Jeroen Willemsen

The evil friend in your browser

On the one hand, browser extensions, e.g., for Chrome, are very useful, as they extend web browsers with additional functionality (e.g., blocking ads). On the other hand, they are the most dangerous code that runs in your browser: an extension can r...

Achim D. Brucker

Don't trust the DOM: Bypassing XSS mitigations via script gadgets

Cross-Site Scripting is a constant problem of the Web platform. Over the years many techniques have been introduced to prevent or mitigate XSS. Most of these techniques, thereby, focus on script tags and event handlers. HTML sanitizers, for exampl...

Sebastian Lekies

A Series of Unfortunate Events: Where Malware Meets Murphy

When an end user reports some "strange looking file names", which, after investigating, you discover include several hundred gigabytes of encrypted data, you of course know you are going to have a bad day. Your AV solution has failed you, your...

Mattijs van Ommeren