Web Village Talks. Part 2
We have already announced the first set of talks of the Web Village section, dedicated to the topic of web application security. Meet the researchers who decided to join them.
Miss the days when you could achieve LFI with a null byte? Have you already suppressed your desire to insert null bytes at the end of all parameters? Have you removed the null byte from your fuzz lists? Shame. Pavel Sorokin will tell you how some PDO drivers handle null bytes and what it may lead to.
Hacker Adventures on Dating Websites
This is a hacker’s guide on how to meet girls online, by Alexey (SooLFaa) Morozov.
Fantastic Bugs and Where to Find Them
This talk is intended for skeptical bug hunters and those who are planning to get into the hunt for vulnerabilities. Valeriy (krevetk0) Shevchenko will share his own approaches to bug hunting and describe some fantastic bugs found in the wild. Some vulnerabilities were considered extinct. But he who seeks finds 😉
Vulnerabilities of dApps
We will discuss web front-ends of blockchain apps and smart contracts, i.e., dApps (decentralized apps). Technically, dApps have a regular front-end (sometimes packaged in Electron) that works with an API, but there are some common patterns for designing such applications, and these have their disadvantages. Omar Ganiev will speak about the types of dApp front-ends and the vulnerabilities they have.