BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//bsidesluxembourg-2026//speaker//TSNM7K
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsidesluxembourg-2026-LHVQCJ@pretalx.com
DTSTART;TZID=CET:20260507T133000
DTEND;TZID=CET:20260507T141000
DESCRIPTION:SQL injection and broken authentication remain persistent threa
 ts in modern web applications\, yet many developers continue to assume tha
 t new technologies are immune to classic attacks. This presentation examin
 es a real-world penetration test where we discovered critical SQL injectio
 n and authentication bypass vulnerabilities in a production GraphQL API ba
 cked by PostgreSQL—proving that architectural shifts don't eliminate fun
 damental security flaws.
DTSTAMP:20260412T011306Z
LOCATION:Workshops and Stage - Gernsback (C1.05.02)
SUMMARY:What's Old is New: Exploiting Classic Vulnerabilities in GraphQL AP
 Is - Aleksa Zatezalo
URL:https://pretalx.com/bsidesluxembourg-2026/talk/LHVQCJ/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-bsidesluxembourg-2026-YH7DVE@pretalx.com
DTSTART;TZID=CET:20260507T154000
DTEND;TZID=CET:20260507T162000
DESCRIPTION:The talk will cover common techniques to upload client-side log
 s to AWS S3 buckets\, integrations with third-party database services like
  Supabase\, and server technologies commonly used for financial data proce
 ssing\, all of which result in leaked API keys when misconfigured.  Three 
 distinct vulnerabilities will be demonstrated\, each showcasing different 
 variations of the core anti-patterns in multiple contexts. Attendees can e
 xpect to receive a structured framework for understanding how these flaws 
 manifest across different technologies. The session will conclude with a c
 omprehensive discussion of targeted fixes that address the root causes of 
 the anti-pattern. It will move beyond surface-level patches to implement a
 rchitectural solutions that prevent entire classes of similar vulnerabilit
 ies. These remediation strategies will include both immediate tactical fix
 es and longer-term architectural improvements that strengthen overall syst
 em security posture.
DTSTAMP:20260412T011306Z
LOCATION:Workshops and Stage - Design Space (C1.05.12)
SUMMARY:Leaky API Keys\, Log Tampering\, and Account Takeover - Aleksa Zate
 zalo
URL:https://pretalx.com/bsidesluxembourg-2026/talk/YH7DVE/
END:VEVENT
END:VCALENDAR