Philippe Arteau

Philippe is a security researcher working for GoSecure. His research is focused on Web application security. His past work experience includes pentesting, secure code review and software development. He is the author of the widely-used Java static analysis tool Find Security Bugs. He is also a contributor to the static analysis tool for .NET called Security Code Scan. He built many plugins for Burp and ZAP proxy tools: Retire.js, Reissue Request Scripter, CSP Auditor and many others. He presented at several conferences including Black Hat Arsenal, ATLSecCon, NorthSec, Hackfest (QC), 44CON and JavaOne.

The speaker's profile picture


Deserialization: RCE for modern web applications
Philippe Arteau

Deserialization is the process of converting a data stream to an object instance. This 3-hour workshop will go through the basics of exploiting such vulnerabilities in multiple languages.

Workshop 1