As last year, this year the conference was a lot about LangSec and that you have to think about your software as something that parses and executes "code" (the input). The less you test your handling of the input the more vulnerable you are. Also as we get more and more devices, the Internet of Things, that are connected which means we have more and more vulnerabilities at home. Most devices today come without any authentication at all, because they need to be simple, and that allows for more and more drive-by attacking to succeed and in a lot of cases permanently infect the devices with malicious code.
My top 3 talks in random order are:
- Andreas Lindh on Attacking Mobile Broadband Modems Like A Criminal
- Hugo Teso on Going deeper on aviation security
- Travis Goodspeed on A neighborly surprise talk