Rewrite code for each update of your favorite framework, or keep track of the NIST vulnerability database? Delete a vulnerable component from the internal repository, or work out whether the vulnerability is applicable to us? How do you start scanning 500 kkloc and keep teams informed about vulnerabilities in the components they use?
We'll talk about our approach to open-source security: how we reuse data from other AppSec practices, how we adapt tools to our needs, and what we find lacking in modern OSS scanners.
If a security researcher is bored in a hotel at night, it's time for vulnerabilities!
The story is about the specifics of authentication in an information and communication system embedded in TVs in some hotels worldwide. These specifics allow an adversary to get access to the user panel of an arbitrary user, which discloses some personal data and makes it possible to interact with the kitchen and hotel administration.