Add talk about vulnerabilities detection

2024-Conference/talks/2024-Vulnerability-detection

@@ -0,0 +1,26 @@
+! Vulnerability detection
+Title: Detecting and preventing Pharo vulnerabilities
+Name: Imen Sayar, Steven Costiou
+Email: [email protected], [email protected]
+
+""Abstract:""
+Object-oriented applications are prone to vulnerabilities in their code leading to attacks. These attacks, once detected, are declared in known databases such as 
+Mitre (https://cve.mitre.org/) and NVD (https://nvd.nist.gov/). Based on some criteria such as the severity and the scope, these attacks are classified according to the 
+Open Source Foundation for Application Security (OWASP: https://owasp.org/www-project-top-ten/) into more than 10 categories. 
+In the Mitre database, there are no declared attacks against Pharo code.
+Recently, we have conducted an experiment to simulate attacks on Pharo using log files as a entry point for attacks. We have succeded in carring out an attack targeting code written in Pharo.
+In this talk, we will present some concepts linked to the attacks of object-oriented languages. We will, then, give a PoC and explain how the simulated attack is perfromed. 
+We will conclude by giving some lessons learned and good practices to avoid this kind of attacks. 
+
+
+""Bio:""
+Imen is a Lecturer in Computer Science in the Evref Team and at the FST of University of Lille. 
+She has obtained her Ph.D from the University of Lorraine. Her research areas include the code analysis for vulnerability detection, meta-modelling, and formal development 
+of Cyber-Physical Systems (CPS) and Systems of Systems (SoS). 
+You can contact her at [email protected]
+
+Steven is an Inria researcher and works in the EVREF team. 
+He builds and studies debugging tools to help developers understand their programs and fix bugs.
+In this context, his research interests span reflection and meta-programming, object-centric instrumentation, dynamic software adaptation and dynamic languages.
+Website: https://kloum.io/costiou
+