Over the next few weeks we’re going to announce the 44CON talks and workshops. Don’t forget to get your tickets!
Our eighth announcement is Philippe Arteau’s workshop – Advanced Java Application Code Review
Modern corporate environments use diverse technologies. Security analysts (code reviewers and pentesters) need to be able to understand how components work under the hoods. This workshop will cover various classes of vulnerabilities with a Java twist. The exercise will be on the code analysis of a custom sample application. The open-source tools Find Security Bugs and SonarQube will be used. This training will cover the following classes of vulnerabilities: XXE (XML eXternal Entity), expression injection, deserialization vulnerability, Path Traversal, HQL injections and XSS.
Philippe is a security researcher working for GoSecure. He is the author of the Java static analysis tool Find Security Bugs. He is actively doing research to find new attack vectors and develop new tools. His experiences are both in the offensive and the defensive side, having the chance to do countless pentests and code reviews.
He has also built many plugins for Burp and ZAP proxy tools (Reissue Request Scripter, Retire.JS, PDF Viewer, CSP Auditor, etc.). He has discovered many vulnerabilities in popular software including Google Chrome, Dropbox, Paypal, RunKeeper and Jira.