Level: Technical

Everyone is talking about common classes of bugs, sql injection, XSS, CSRF, IDOR etc. But, as in all things in life, there are more, fancier things that true bug connoisseurs love. This talk will show some nice deserialization and request forgery tricks. So if you want to expand your application security knowledge for either offensive or defensive purposes, this might be the talk for you.

Tonimir Kisasondi is the Founder of Oru, a boutique information security consultancy from Varazdin, Croatia. He finished his Ph.D. in the area of cryptanalysis at the Faculty of Organization and Informatics, University of Zagreb. From his industrial cooperation side, for the last 10 years, he specializes in helping software, IoT and distributed systems companies from the EU and US build secure products from the design to the production stage. His professional and research area of interest is security architecture, application security, security testing & analysis and applied cryptography.


[Slides (PDF)] [Recording (MP4)]

Comments are closed.