Room 4 

16:20 - 17:20 


Talk (60 min)

Vulnerability Exists Between Keyboard and Chair

When we think of our apps being hacked, we typically think of the common acronyms that cover technical vulnerabilities: XSS, CSRF, SQLi, etc. (Cross-Site Scripting, Cross-Site Request Forgery, SQL Injection, etc.). While these vulnerabilities are important and we do need to be aware of how to avoid them, they aren’t the only threat we need to consider.


We also need to consider the human vulnerabilities, the weaknesses that target the human between the keyboard and chair.

We will look at recent examples of social engineering, such as the attack on Twitter in 2020, and the many stories of cryptocurrency vaults being plundered through SIM-swapping. We’ll also look at password reuse, brute force attacks, and credential stuffing, and even some hardware hacks that fool victims the old-fashioned way. The common thread in all of these cases... The vulnerability existed between a keyboard and chair.

Stephen Rees-Carter

Stephen is a security consultant and crusted-on PHP developer who spends his days doing Laravel Security Audits and Penetration Tests. When he’s not trying to hack his clients’ websites, he teaches Laravel developers about security concepts through his Laravel Security in Depth mailing list. Stephen’s idea of fun is spending a year cleaning infected WordPress sites and picking locks.