{"code":"GTDZAR","speakers":[{"code":"EBCYMH","name":"Martin Haunschmid","biography":"Martin was a long-time developer, before one of his websites got hacked. This way, he realized you can earn money (officially, of course, and always with a permission to attack) doing something he now considers the best job there is. Nowadays he's mostly doing Application Security in the form of black-box web-app penetration tests and source code reviews via his company Adversary GmbH.\r\n\r\nOther than that, he tries to communicate his fascination with the industry to not-so-technical folk by producing the \"Hacks of the Week\" and sometimes does talks.","avatar":null}],"title":"Persons who stare at Source Code.","submission_type":"Talk","track":{"en":"Second Track"},"state":"confirmed","abstract":"Source code review is a skill which complements the black-box toolset perfectly. In this talk, we'll go over the basics of source code review, sources and sinks, some pitfalls and learnings I had from doing (way too) many reviews. Then, we'll have a few challenges: Can you spot the vulnerability of famous CVEs in the source code? Featuring Ivanti, JetBrains and GitLab!","description":"","duration":30,"slot_count":1,"do_not_record":false,"is_featured":false,"content_locale":"en","slot":{"room":{"en":"Track 2 (3.1 (Kreativ))"},"start":"2024-11-23T14:10:00+01:00","end":"2024-11-23T14:40:00+01:00"},"image":null,"resources":[]}