OrangeCon 2026

OverflowMyBuffers

Rudy Dijkstra is a Security Researcher at the DIVD as well as Team Lead Offensive Security at SUPERP, which means he spends a meaningful chunk of his life in meetings... The rest of it he dedicates to diving into vulnerabilities and whatever research topic has caught his attention that week, on a continuous and apparently unstoppable mission to break things professionally.


Session

06-04
16:10
30min
We Looked at Mendix. You Probably Should Too.
OverflowMyBuffers, Stan

It started, as many DIVD investigations do, with someone poking at something they probably shouldn't have and going "...huh." That someone was looking at Mendix, a low-code platform used by thousands of organisations worldwide, including some that really should know better... and what followed was a full-blown research journey that nobody quite expected.

In this talk, Stan Plasmeijer and Rudy Dijkstra walk you through the complete DIVD Mendix security story. From the first accidental discovery to building scanners, coordinating disclosures, and figuring out just how widespread the problem actually was. You'll learn how Mendix works, why it keeps breaking in the same ways, and how to test for it yourself. It's not complicated. That's almost the whole problem.

This talk is for blue teamers wondering what's hiding in their organisation's app landscape, red teamers looking for something new to love, and developers who'd prefer not to feature in someone else's CVE. No prior Mendix knowledge needed. A working sense of humour helps.

Track 1