26 au 28 février, 2020
Hôtel Bonaventure

5 Unicode vulnerabilities that could byte you

  1. Accueil
  2. Montréal 2020
  3. Sessions

Securité

28 February 2020 @ 15:00
ST-Laurent 3
Session en anglais - Avancé

Partager sur Twitter Partager sur Facebook

The number of Unicode code points has never stopped to grow just like its integration in modern technologies. Your web application is likely to support input and output formatted in UTF-8 character encoding. In this talk, you will learn about the security implications. What are the potential side effects of normalizing a UTF-8 string? How encoding can affect security controls? What are the security risks brought by punycode domains?

Voir les 156 présentations

Philippe Arteau

Philippe Arteau

ServiceNow

Philippe is a security engineer for ServiceNow. He has an interest in software development, penetration testing and security code review. He maintains Find Security Bugs, the static analysis tool.
He discovered significant vulnerabilities in several popular applications like Google Chrome, DropBox, Runkeeper, Jira and more. He has presented at various conferences including Black Hat Arsenal, SecTor, AppSec USA, ATLSecCon, 44CON and JavaOne.

Read More

Montréal 2020 sponsored by

© 2010-2024 ConFoo. Tous droits réservés. Code de conduite