On-demand talks
Watch our on-demand talks and view the corresponding slide decks.
The Clean as You Code Imperative, by Sonar CEO Olivier Gaudin
In this talk, given at the We Are Developers conference, Olivier Gaudin discusses how code quality empowers developers and enables organizations to consistently deliver high-quality, secure code. He explains why the Clean As You Code methodology has to become an organizational imperative for a sustainable edge in the marketplace.
Topics: Clean As You Code, DevOps
You've Got Mail! And I'm Root on Your Zimbra Server
Zimbra, an enterprise-level email solution, has recently been the target of a 0-day campaign likely conducted by a state actor. As the Microsoft Exchange vulnerabilities demonstrated, enterprise mail servers are a gold mine for attackers. In this talk, we break down how we approached a complex enterprise web target from the viewpoint of a sophisticated attacker.
Topics: Code Security, Enterprise
A Common Bypass Pattern to Exploit Modern Web Apps
During our vulnerability research, we broke the defenses of some of the most popular open-source web applications and realized that many of the code vulnerabilities we discovered share a common theme. In this talk, we express this common denominator as a simple, abstract methodology that seems to have gone unnoticed in the industry. To turn the theoretical pattern into an entertaining presentation, we explain and demo related vulnerabilities that we discovered in applications such as Magento 2, WordPress, and Zimbra.
Topic: Code Security
Two Bugs to Rule Them All: Taking Over the PHP Supply Chain
This talk presents the technical details of the vulnerabilities that allowed us to compromise the infrastructure behind the two PHP package managers, Composer (twice!) and PEAR. Together, they serve more than a billion package downloads per month. We also present how the impact of such an attack could be reduced and the actions package managers can take to protect themselves.
Topics: Code Security, Supply Chain, Developer Tools