Curry On
Amsterdam!
July 16-17th, 2018


Live, On Ice!
Sztefan Edwards
nVisium LLC

@lojikil

Abstract

Let’s see how far we can push the chess timer format: Curry On, I challenge you to a game! We will play a red-blue capture the flag (CTF). The audience will play the role of attacker, and attempt to exploit common vulnerabilities such as Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and Unnecessary Open Ports. I, your brave speaker, will play the blue team, and attempt to defend against these attacks using only better type systems, compiler warnings, and my roguish wit. The audience should leave this talk with: - a basic understanding of what these vulnerability classes are and why they exist - how (near-)trivial application of types can lead to more robust designs - and how none of these vulnerabilities need to exist within modern systems and frameworks (and indeed do not within certain languages/frameworks) This talk will mainly focus on Scala, but can be easily applied to any language, such as F#, Java, or C#.

Bio

Sztefan is the Director in Charge of Adversarial & Threat Services at a security startup. That’s a fancy way of saying he does all the weird stuff in security, and is basically an infosec janitor. His work encompasses training, secure development, penetration testing, adversary simulation, incident response, preaching the good news of security nihilism, and working too much. When he’s not working, he’s playing with his son, reading something, growing something, or building something out of wood.