Name: Recent Discoveries in My Source Code Review Journey: Navidrome Vulnerabilities
Start: 2024-11-18T18:00:00+10:00
End: 2024-11-18T20:00:00+10:00
Location: level 10/12 Creek St

Join me on a journey through my recent source code reviews, where I uncovered vulnerabilities in Navidrome, an open-source music server written in Go, and explored how JWT libraries prevent algorithm confusion attacks in JSON Web Tokens (JWT).
In the first part of this talk, I will share my findings from examining Navidrome’s codebase, discussing specific security issues that emerged from my review, including insights gained from a CVE analysis.
The second part will focus on JWT algorithm confusion—a prevalent security issue that arises when implementations fail to enforce proper algorithm selection. I will examine real-world examples of this vulnerability and outline common strategies that developers use to prevent such issues.

OWASP Brisbane Chapter

OWASP® Foundation 

Technology

Web Security

OWASP

Information Security

Application Security

Software Security

Computer Security

Cybersecurity

Web Application Security

Wade

Louis Nyffenegger is a security engineer based in Melbourne, Australia. He used to perform pentest, architecture and code review. Louis is the founder of PentesterLab, a learning platform for web penetration testing.

Louis Nyffenegger

Recent Discoveries in My Source Code Review Journey: Navidrome Vulnerabilities

level 10/12 Creek St

Share this event

Recent Discoveries in My Source Code Review Journey: Navidrome Vulnerabilities

Details