Thursday 

Room 2 

13:40 - 14:40 

(UTC+01

Talk (60 min)

What happens if I change this URI… oooooh

In the latest release of the OWASP Top 10, Broken Access Control went from #5 to #1. When a user can access functions or data that should be restricted just by changing the URI, the results can often be catastrophic.

Application Security
Hacking
People
Security Tooling
Testing
Tools

In this talk, I will show why this vulnerability type is commonly overlooked, what happens when it's found (using real-world examples), how you can prevent such issues and, most importantly, how you can test for it efficiently.

Halvor Sakshaug

Halvor Sakshaug is involved in everything AppSec at Forsta (Confirmit+Dapresy+FocusVision). His main interests are Content Security Policy (and everything else that can protect the client), bug bounties, teaching security, and looking for vulnerabilities.

In his spare time he does real debugging by helping people get rid of silverfish.