2025-10-19, Wesfarmers Theatre
This session dives into real-world vulnerabilities by dissecting CVEs directly in the code where they occurred. Each example showcases not just what went wrong, but why, with a focus on the subtle coding patterns, missed assumptions, and language misunderstandings that led to the bugs.
For every vulnerability, we will extract a few key lessons: principles or warnings that developers and reviewers can apply to prevent similar issues.
Hi team,
I'm planning to go through a few great CVEs that I think will really get the audience interested. It's based on all the CVEs I look at and the security code review training I run. For each CVE, I start with a bit of background, then show the code and the issue. Finally, I put together a few key lessons developers and code reviewers can learn from these issues. Since all developers are becoming code reviewers with AI (or at least I'm hoping they review before copy/pasting), I think that should be relevant.
Thanks for the review.
Louis Nyffenegger is an experienced speaker who has delivered talks and training at major security events worldwide. His sessions focus on web application security, vulnerability research, and advanced code review techniques.