Back to Basics: Looking for subtle bugs in beginner programming constructs


Authors: Cole Cornford


The talk emphasizes the importance of clear and structured code in preventing security vulnerabilities. The speaker highlights the need to pay attention to basic programming constructs and avoid inscrutable code.
  • Clear and structured code is essential for assessing a program's security posture.
  • Basic programming constructs like comparisons, conditionals, loops, and more can lead to security vulnerabilities if not understood properly.
  • Inscrutable code is prevalent in many industries and can be difficult to assess for security vulnerabilities.
  • The speaker recommends using clear expressions and structuring code to avoid mistakes and make it easier to read.
The speaker provides examples of inscrutable code, such as complex regular expressions, and emphasizes the need for clear expressions and structured code to prevent security vulnerabilities.


In this talk, Cole will cover how some more subtle programming mistakes can end up becoming security issues. Authentication bypasses, injection, and more can simply stem from misunderstanding basic programming concepts like comparisons, conditionals, loops, and more. Cole hopes that people will come away from this talk with a more thorough eye towards the basics, and how applying a critical security lens to the architecture of your code can help you find bugs.

