Security issues? This wouldn’t happen to us. We have all those processes and tools in place, after all. Well, ok – there might be the occasional bug, but how should that be exploited.

In this talk, we’ll examine real-world security incidents, breaking down how vulnerabilities emerge and how attackers exploit them. Through case studies and analysis, we will uncover classes of common security flaws and discuss the practical steps developers can take to prevent these issues – and these are not always “bugs”.

We will see that it is the developers and architects that create security issues and some of them are very hard to foresee and avoid. The goal is to create awareness for the mechanisms of exploits. That might help us to avoid some pitfalls – even ones that are hard to avoid with our processes and tools.

This talk is a slide presentation about the background of a handfull of security incidents that occured over the last years with special focus on the role of developers, rather than the development process.

I held this talk at the Digital Crafts Day 2025 in Weiden.