Conferences


Links to the slides and materials for talks I have given in the past.


2011


2011 - Gray areas of the Same Origin Policy - OWASP Montreal

2012


2012 - Securing Java Web Application - JUG Montreal

2013


2013 - Outils d'analyse statique pour la sécurité (French) - Confoo

2014


2014 - Files Upload Vulnerabilities - Confoo / OWASP Montreal
2014 - XXE : À l'assaut des analyseurs XML (French) - Hackfest + OWASP Montreal

2015


2015 - La sécurité Java en continu (French) - Confoo / JUG Montreal
2015 - Breaking PRNGs: A predictable talk on Pseudo Random Number Generators - NorthSec
2015 - Rosetta Flash And Why Flash Is Still Vulnerable... - NorthSec
2015 - Find Security Bugs & Reissue Request Scripter - Black Hat Arsenal USA / Europe
2015 - Security Code Review for Your Web Application - JavaOne
2015 - Rosetta Flash And Why Flash Is Still Vulnerable... (Extended) - Hackfest

2016


2016 - Modern XSS: Protections (and bypasses) - Confoo
2016 - The new wave of Deserialization Bugs - AltSecCon + NorthSec
2016 - Roslyn Security Guard - Black Hat Arsenal USA / Europe
2016 - Chateaux de carte ou Forteresse : Votre application web est-elle vulnerable? - ML2

2017


2017 - La sécurité Java en 2017 (French) - JUG Montréal
2017 - Security by Design - AtlSecCon + GoSec
2017 - CSP Auditor - Black Hat Arsenal USA
2017 - Static-Analysis: Now you're playing with power - Hackfest
2017 - Security boot camp for .NET developers - Confoo Vancouver
2017 - Modern XSS: The modern protections (and bypasses) v.2.0 - Confoo Vancouver

2018


2018 - Security boot camp for .NET developers - OWASP Québec + Confoo Montreal
2018 - Orange is the new Hack: An Introduction to Machine Learning with Orange - AtlSecCon + NorthSec + GoSec
2018 - Kill All Humans... Bugs! : Machine Learning to the rescue of code review - 44CON
2018 - Advanced XXE Workshop V1 - OWASP BASC + Hackfest

2019


2019 - Cache Me If You Can - Confoo
2019 - Java Security Code Review: Shall we play a game? - JUG Montreal
2019 - Deserialization: RCE for the modern web applications - AtlSecCon
2019 - Deserialization Workshop - NorthSec
2019 - Advanced XXE Workshop V2 Exercises : [1], [2], [3], [4], [5] - Hack In Paris
2019 - OWASP Find Security Bugs: The community static code analyzer - AppSecGlobal + SecTor

2020


2020 - 5 Unicode vulnerabilities that could byͥte you - Confoo
2020 - Template Injection in Action - Hackfest and GoSec
2020 - Advanced XXE Exploitation - New format based on Hack In Paris material

2021


2021 - Unicode vulnerabilities that could byͥte you (New version) [video] - OWASP Toronto
2021 - Request Smuggling 101 - NorthSec + Confoo + GoSec
2021 - Request Smuggling Workshop - Intent Summit + Hackfest

2022


2022 - Privacy pitfalls for your web application - Confoo
2022 - Web Application Firewall Bypass Workshop: Slides | Workshop Handbook (More details) - NorthSec

2023


2023 - Developing Your First Chrome Extension - Confoo