Room 5

16:20 - 17:20 (UTC+10)

Talk (60 min)

Vulnerability Exists Between Keyboard and Chair

When we think of our apps being hacked, we typically think of the common acronyms that cover technical vulnerabilities: XSS, CSRF, SQLi, etc. (Cross-Site Scripting, Cross-Site Request Forgery, SQL Injection, etc). While these vulnerabilities are important and we do need to be aware of how to avoid them, they aren’t the only threat we need to consider.


We also need to consider the human vulnerabilities, the weaknesses that target the human between the keyboard and chair.

We will look at recent examples of social engineering, such as the attack of Twitter in 2020, and the many stories of cryptocurrency vaults being plundered through SIM-swapping. We’ll also look at password reuse, brute force attacks, and credential stuffing, and even some hardware hacks that fool victims the old-fashioned way. The common thread in all of these cases... The vulnerability existed between a keyboard and chair.

Stephen Rees-Carter

Stephen has been a PHP developer for many long years and still loves working with PHP every day. His latest project, Laravel Security in Depth, teaches Laravel developers about security concepts. He’s worked on a number of security products (including Wordfence, the most popular WordPress security plugin), large SaaS applications, single-use disposable apps, and even spent a year cleaning infected WordPress sites for fun! Stephen is a Certified Ethical Hacker and loves teaching non-security people how to think like a hacker by showing just how easy it is to hack into insecure things, both digital and physical!