Auditing Perl code for vulnerabilities: A step by step example

50 minutes

Intermediate

English 

This talk will go step by step through the process of auditing a CPAN module for security vulnerabilities. We'll focus on translating basic principles into concrete findings and on developing proof-of-concept exploits to go along with those findings.

Attended by:
Peter Makholm (‎brother‎)
H.Merijn Brand (‎Tux‎)
Aaron Crane (‎arc‎)
Iaroslav Poliakov
Gianni Ceccarelli (‎dakkar‎)
Leon Timmermans (‎leont‎)
Jason Clifford
Lee Johnson
Ali Zia
Alex Muntada (‎alexm‎)
osfameron
Kerstin Puschke (‎titanoboa‎)
Radosław Pociecha
Manfred Heumann (‎confuseAcat‎)
Stefan Seifert (‎Nine‎)
Ivan Dmitriev
henk vantijen
Erik Johansen (‎uniejo‎)
Choroba
Paul Cochrane (‎ptc‎)
Rish
Anatoly Grishaev
Markus Pinkert (‎Bedivere‎)
Oriol Soriano Vila (‎Uree‎)
Steffen Schwigon (‎renormalist‎)
Michał Kotuła
Mihai Safta (‎SDCM‎)
Jesper Dalberg
István Almási (‎ialmasi‎)
Dmitry Karasik (‎McFist‎)
Olivier Duclos (‎odc‎)
Stefan Hornburg (‎racke‎)
Mike Chamberlain
Stephen Hall (‎predix‎)
Michal Jurosz (‎mj41‎)
Roland Schmitz (‎roli‎)
Snorri Briem
Annette Steinhauer
Cal
Eleatzar Colomer (‎eleatzar‎)
Ilya Chesnokov (‎ichesnokov‎)
Wolfgang Pecho
Leif-Arne Utvik
Marco Pessotto (‎melmothx‎)
Heinz Knutzen
Richard van Lochem (‎rvlochem‎)
Dave Sherohman (‎dsheroh‎)
Miroslav Tynovsky
David Escribano
Vladimir Lashko (‎Ostrovok‎)
H. Daniel Cesario (‎dcesario‎)
Stevan Little (‎stevan‎)
Ivan Kruglov
Andreea Hosu (‎Andreea‎)
Bartosz Jakubski (‎migo‎)
Rui Patinha (‎rfp‎)
Rikus Goodell
John Lightsey (‎J.D.‎)
Hermen Lesscher (‎hermen‎)
Naim Shafiyev (‎shafiev‎)
Markus Förster
Kang-min Liu (‎gugod‎)
Gligan Horea (‎Horea‎)
James E Keenan (‎kid51‎)
Reini Urban (‎rurban‎)
Anatoliy Dmytriyev (‎tolid‎)
Tudor Crisan
Joeri de Bruin (‎dapperedodo‎)
Alberte Thegler
John van Krieken (‎vladtz‎)
steve mynott (‎itz‎)
Jason Tang (‎jason‎)
Thomas Heine
Michael Jemmeson (‎michael‎)
Dirk De Nijs (‎ddn123456‎)