You are viewing content from a past/completed QCon

Presentation: This Will Cut You: Go's Sharper Edges

Track: Security: Lessons Learned From Being Pwned

Location: St James, 4th flr.

Day of week: Wednesday

Slides: Download Slides

Level: Intermediate - Advanced

Persona: Developer

Share this on:

Abstract

An expression of function within a software ecosystem is inextricably bound to the lexicon used to express it. I explore how distinct, exploitable misuse patterns arise in software languages, and through example in Go – in particular a quietly prevalent and worryingly effective denial of service attack on Go systems affecting the Go toolchain itself – hope to begin greater discourse on the language's distinct security characteristics.

Speaker: Thomas Shadwell

Security Engineer @Twitch

I am an application security engineer at Twitch. I'm best known for breaking things I like using including reporting 120 vulnerabilities in Steam, breaking Steam's login encryption or getting XSS, then remote code execution in Mr Robot's website. Breaking what I like using is also how I ended up working at Twitch, which is a story for another time.

Find Thomas Shadwell at

Last Year's Tracks