Speakers & Workshops

  • Viktor Lindström – Passwords are dead! (workshop)

    Passwords are dead! We all know it, they can no longer be trusted. Only this year, the well-known Troy Hunt has made his point over and over and OVER again. Yahoo did a boo boo, LinkedIn did a boo boo, Dropbox did a boo boo… The list is so long it’s not even …

  • Lucas Lundgren, Neil Hindocha – LIGHT-WEIGHT PROTOCOL! SERIOUS EQUIPMENT! CRITICAL IMPLICATIONS!

    Lucas Lundgren has vast experience in IT security, with the “bad luck” (or tendency) to annoy companies by reporting vulnerabilities in their products. He started breaking things at the age of twelve, and has reported numerous vulnerabilities in various products. Having worked with penetration testing professionally for over 19 years, Lucas has held IT Security positions …

  • Ahmed Neil – Digital Forensics: Know your enemy and know yourself (workshop)

    The widespread use of computers in many fields on a daily basis has caused computer crimes to increase. This has allowed cyber criminals to maliciously attack vital computational infrastructure to obtain or misuse information illegally. After a crime has occurred on a computer device, an investigation process should take place to reveal what happened based on some evidence. …

  • Alex Inführ – PDF + the Web: What could possible go wrong

    PDF is a well-known file format in the world of PCs and even mobile phones. This talk will focus on PDF features in the context of the World Wide Web. As soon as a PDF is opened in a web browser, the rules and security implications change. The talk will discuss features like FormCalc, an …

  • Nanne Baars – WebGoat: Teaching application security 101 (workshop)

    A good defense against insecure code requires understanding the mechanics behind how attackers exploit simple programming mistakes. The WebGoat team will walk through exercises like SQL Injection, XSS, ReDoS, CSRF, … and demonstrate how these exploits work. We will show you how you can use WebGoat to train your developers to avoid these simple but …

  • Björn Kimminich – Gothenburg pwns the OWASP Juice Shop (workshop)

    OWASP Juice Shop is an intentionally insecure web app made for pentesting and security awareness trainings. It is written entirely in the most sophisticated, beautiful and secure language on the planet: JavaScript! With reference to the OWASP Vulnerable Web Applications Directory it seems to be the first (intentionally) broken web app published using Express/Angular/Node! In …

  • Avi Douglen – Passwords, Rehashed All Over Again

    Passwords suck. It’s no secret – passwords are boring, passwords are weak, passwords are STOOPID. We all hate using them, we all hate building systems for them, we all hate breaking them, we all just hate dealing with them. Nevertheless, passwords are here to stay as the most common authentication mechanism. At least, passwords are …

  • Janne Haldesten – Please hold, your call is being rerouted: Vulnerabilities in the SS7 protocol

    Signalling System No. 7 (SS7) is a set of telephony signaling protocols developed in 1975, which is used to set up and tear down most of the world’s public switched telephone network (PSTN) telephone calls. It also performs number translation, local number portability, prepaid billing, messaging and other mass market services. While vulnerabilities in SS7 …

  • Marielle Eide – The new General Data Protection Regulation – Are you ready?

    In May 2018 a new data protection regulation (“GDPR”) will enter into force. GDPR includes, among other things, extended security requirements for personal data which companies need to adapt to, such as “privacy by design and privacy by default”. A company that doesn’t follow the rules risks getting administrative fines of up to 4 %, …

  • Lukasz Olejnik – (Ab)using Web Sensors: Privacy for the Modern Web

    For the majority of users, the web browser is the most important computer application. Increasingly complex, exciting and rich features are standardized by W3C and implemented in web browsers on a regular basis. New browser features introduce interesting privacy challenges for standardization, research and development. I will demonstrate privacy analyses of a number of web browser mechanisms, …