Stackoverflow, the vulnerability marketplace
Whether we like to admit it or not, we've all borrowed code from stackoverflow at one time in our lives. Many do it more often than they care to admit. If a vulnerability exists in a stackoverflow code snippet, it's easy for it to go viral in even the most widely used frameworks and libraries. In this talk I’ll share the findings of the research we did resulting in several wide reaching vulnerabilities affecting different ecosystems (Java, Node.js, Go, Ruby, .NET) and many of their applications and libraries. We'll look through the technical details of the vulnerabilities, and what can we do to avoid them.