Talk All Audiences 15:20 - 15:50 August 10, 2024

Paulo A. Silva

David Sopas

Since the first car hit the road, manufacturers have been obsessed with safety. But hey, as AI wisely points out, determining the absolute 'safest' car can be as subjective as trying to decide on the best pizza topping! So, we decided to shift gears… into the world of car manufacturers' (application) security.

In this talk, get ready for a wild ride as we unveil the security findings from our research, affecting at least eleven major car manufacturers. Buckle up, folks, because your favorite brand might be on our list—along with your personal info!

Bring popcorn to watch some proof-of-concept videos.

With this talk we aim to demonstrate:

  • that modern Web Applications are still affected by old/traditional vulnerabilities,
  • how security issues can be chained together to build real attacks/demonstrate impact,
  • a common pattern of running unpatched third-party software,
  • how organizations benefit from a responsible disclosure policy.

Paulo A. Silva

Ethical Hacker / Senior Security Researcher

With a bachelor's degree in Computer Sciences and 15+ years developing software, Paulo has spent the last 10 years focused on security research, ethical hacking, and penetration testing. He is a long-term OWASP volunteer and project leader, and one of those responsible for the OWASP API Security Top 10. He has authored or co-authored several secure coding practices manuals such as the OWASP Go Secure Coding Practices and the Kotlin Secure Coding Practices guide.


David Sopas


David Sopas leads a team of security researchers at Checkmarx and is co-founder of Char49. With more than 15 years of experience in pentesting and vulnerability research, he has been acknowledged by companies like Google, Yahoo!, eBay and Microsoft. Retired from this bug bounty hunting "career", Sopas now focuses on IoT security and tries to learn new things every day.