BSides Bristol 2024

Once upon a flaw: 5 AppSec stories, and what we can learn from them
2024-08-30, Track 2

Discover how storytelling can captivate developers and enhance cybersecurity awareness. Through five true stories, learn the impact of storytelling on understanding application security and its essential lessons.


In Web applications, security flaws are everywhere, and understanding how they are introduced (and how to avoid them) is crucial. In this talk, I share true stories about vulnerabilities, in order to talk about security in a concrete way.

After more than 40 issues of a newsletter that explains and popularizes significant security flaws, how these vulnerabilities arose and how developers can protect themselves, I've selected 5 that are particularly interesting, either because they shed light on a particularly sophisticated aspect of application security or because they illustrate the value of storytelling in cybersecurity. Did you know that you could be hacked from your mailbox? Or that it was possible to steal sessions on ChatGPT by requesting a CSS style sheet?

In this talk, I’ll speak about:

  • The value of storytelling in learning about security.
  • Technical analyses of 5 vulnerabilities, from discovery to resolution.

I hope to give you a new perspective on security, introduce you to advanced application security concepts, and inspire you in turn to tell stories.

Paul Molin is the CISO of the Theodo Group.
After training in information systems security, he joined Theodo in 2013 and became passionate about web development. He quickly specialized in security by helping Theodo teams succeed in their post-production audits. He eventually became group CISO, and he is committed to creating a security culture in a developer company. He loves giving talks, especially ones that help developers understand the cybersecurity world. Convinced that developers are the ones who will change the world of cybersecurity, he leads trainings and develops tools to help them code flawlessly the first time.