Semgrep eventsCatch our Staff Security Researcher, Kurt Boberg, and Security Researcher, Max vonBlankenburg, as they take the stage at BSides Seattle. Plus, Semgrep is a proud Core Sponsor of this fantastic event!
📍 Aloft Seattle Redmond
🗓 February 27 & 28
February 28th | 3:00 pm | Kurt Boberg
MCP LFI in 60 minutes (or your money back)
The Model Context Protocol (MCP) is an emerging technology that promises tons of delicious attack surface. In this talk, you'll get a purple team primer on MCP, a demonstration of why you should get a handle on anything being built at your org, and finally some effective defense in depth strategies (that you're hopefully already doing) that will save your bacon.
February 28th | 4:00 pm | Max vonBlankenburg
C Libraries: Shining a Light on a Security Blind Spot
If I’m a Node developer, and I want to get rid of vulnerable dependencies, I run “npm audit”. If I’m a GitHub user, I run dependabot. So, what do I do if I’m a C++ developer? For decades there hasn’t been an easy way to identify vulnerable C packages in our projects, and the problem has only gotten slightly better. In this talk, I will describe why it’s so difficult to find and fix third-party vulnerabilities in C & C++ projects, and lay out possible solutions for making this developer ecosystem more responsive and resilient to the next libwebp, xz and heartbleed incidents.
For more information, visit the BSides Seattle website.