2023 Source Zero Con

Developers Gone Wild

Friday, June 23  |  11:00 a.m. - 11:45 a.m. ET

Most application security issues can be traced back to an error by one of the programmers of the app. And in many cases, they can be caused by a simple oversight or a missed detail. Who hasn't forgotten to add a call to a data-sanitizing function before using an input? On the wrong field, that can lead directly to a cross-site scripting vulnerability.

But sometimes there are programming errors that really stand out from the pack. The ones where, as a pen tester, you scratch your head and wonder, "what were they thinking?" These are some truly memorable findings from actual application security tests that stand out for their uniqueness or insanity. (Anonymized for everyone's protection, of course!)

We may have some laughs during this talk, but there will also be important takeaways for developers, quality assurance testers, and pen and app testers. And not just specific admonitions to "don't do that," either. We will try to generalize and give you actionable advice for developer education, quality assurance coverage, and pen testing improvement.

Tim Farley