Philippe Arteau

Philippe Arteau

Philippe est chercheur en sécurité pour GoSecure. Il a un intérêt pour le développement logiciel, les tests d'intrusions et la revue de code sécuritaire. Il maintient l'outil d'analyse statique Find Security Bugs.
Il a découvert des vulnérabilités importantes dans plusieurs applications populaires comme Google Chrome, DropBox, Runkeeper et Jira. Il a présenté dans différentes conférences incluant Black Hat USA, Hackfest (QC), le NorthSec et JavaOne.

Vancouver 2017 sessions

Bypassing Modern XSS Protections

English session - Intermediate

In modern web environment, there is plenty of XSS protection mechanisms. Web browsers are providing client side filtering for XSS. Chrome, Internet Explorer and Edge are providing filtering to defend their users. What are the limitations of each? Frameworks are also adding proactive mechanisms. Can we rely on them?
There will be no 0-day bypass for web browser bypass. In will be instead, the presentation of the general heuristics for each.

Security boot camp for .NET developers

English session - Beginner

Security best practices are often generic and language agnostic. This makes the life of a developer much harder than it should be. In this talk, a survey of the most common vulnerabilities in .NET context will be presented. Different vulnerability classes will be explored including XSS, injections and application misconfigurations. This will be done through live demos using open-source vulnerability finding tools specialized for .NET.

Montreal 2016 sessions

Montreal 2015 sessions

Montreal 2014 sessions

Montreal 2013 sessions