Fennix ,
Pronouns: he/him
I'm a lifelong hacker and avid selfhoster/homelabber who works a day job pentesting. On the side, I build CTF challenges and occasionally even go outside to see the world.
Discussion: AppSec Q&A
This is a Q&A session. Moderators will take audience questions both remotely and on-site via sli.do.
Q&A Discussion for the AppSec block
Talk: API: Alternate Pathway to Injection
Talks will be streamed on YouTube and Twitch for free.
API Documentation often gives the simplest most bare-bones examples to get something running. This runs into the old adage: Nothing is more permanent than a temporary solution. Come join me and walk through a particularly fun example of cloud API documentation showing you the wrong way.
Included will be a deep dive and demo of a vulnerability caused directly by this kind of mistake which maybe shows that Phreaking is alive and well in 2024.