February 26-28, 2020
Montreal, Canada

5 Unicode vulnerabilities that could byte you

The number of Unicode code points has never stopped to grow just like its integration in modern technologies. Your web application is likely to support input and output formatted in UTF-8 character encoding. In this talk, you will learn about the security implications. What are the potential side effects of normalizing a UTF-8 string? How encoding can affect security controls? What are the security risks brought by punycode domains?

View all 154 sessions

Philippe Arteau

GoSecure

Philippe est chercheur en sécurité pour GoSecure. Il a un intérêt pour le développement logiciel, les tests d'intrusions et la revue de code sécuritaire. Il maintient l'outil d'analyse statique Find Security Bugs.
Il a découvert des vulnérabilités importantes dans plusieurs applications populaires comme Google Chrome, DropBox, Runkeeper et Jira. Il a présenté dans différentes conférences incluant Black Hat USA, Hackfest (QC), le NorthSec et JavaOne.

Read More

Montreal 2020 sponsored by

Become a sponsor