DSOLG and London DevOps Collaboration February Event
## Details
Welcome to the DevSecOps London Gathering February Event on Wednesday 19 Feb in collaboration with London DevOps! We bring you two amazing talks, as well as the usual conversations, pizza and beer!
Hosted at Autogen AI, Pentonville Road, London
Wednesday, 19 February
6:00–8:00 PM
## Talk 1
Abstract:
Concrete CMS, a popular open-source content management system, contains a critical flaw in its file upload functionality that can be exploited in two distinct ways. This talk demonstrates how a single upload can lead to a Server-Side Request Forgery (SSRF), allowing access to internal cloud resources, and a double race condition that enables Remote Code Execution (RCE) via a malicious backdoor. We'll walk through the exploitation process, show how existing protections can be bypassed, and highlight practical steps to secure file upload mechanisms in real-world applications.
## Talk 2
Abstract:
Treat authentication as a production-critical system with its own failure modes and operational risks. In this talk, I break down real-world auth incidents involving JWKS rotation errors, refresh token storms, clock drift, and session store outages. I show how to define SLIs and SLOs that measure user impact and how to build monitoring and alerting that expose real reliability problems. I demonstrate practical guardrails such as token caching, exponential backoff with jitter, circuit breakers, and feature-flagged degraded modes. Finally, I walk through an incident runbook that helps teams diagnose, mitigate, and recover from authentication failures safely and quickly.
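As an added illustration of the guardrails the second abstract names (not code from the event page or from the speaker), here is a small Python JWKS client that combines a TTL cache, exponential backoff with full jitter, a circuit breaker, and a stale-key degraded mode. The `fetch` callable (for example an HTTP GET of the JWKS endpoint), the clock, the RNG and the sleep function are injected so the behaviour can be tested without a network.

```python
import random
import time


class JwksClient:
    """Hypothetical JWKS client: TTL cache, full-jitter backoff, circuit breaker, stale fallback."""

    def __init__(self, fetch, ttl=300.0, max_attempts=4, base_delay=0.5, max_delay=8.0,
                 failure_threshold=3, open_seconds=30.0,
                 clock=time.monotonic, rng=random.random, sleep=time.sleep):
        self._fetch = fetch  # assumed: callable returning the key set, raising on failure
        self._ttl, self._max_attempts = ttl, max_attempts
        self._base_delay, self._max_delay = base_delay, max_delay
        self._failure_threshold, self._open_seconds = failure_threshold, open_seconds
        self._clock, self._rng, self._sleep = clock, rng, sleep
        self._cache, self._expires_at = None, 0.0
        self._failures, self._open_until = 0, 0.0

    def get_keys(self):
        now = self._clock()
        if self._cache is not None and now < self._expires_at:
            return self._cache  # fresh cache: no call to the identity provider at all
        if now < self._open_until:
            return self._serve_stale("circuit open")  # breaker open: do not hammer the IdP
        delay = self._base_delay
        for _ in range(self._max_attempts):
            try:
                keys = self._fetch()
            except Exception:
                self._failures += 1
                if self._failures >= self._failure_threshold:
                    self._open_until = self._clock() + self._open_seconds
                    return self._serve_stale("circuit opened")
                # Full jitter: sleep a random fraction of the capped exponential delay,
                # so many verifiers recovering at once do not retry in lockstep.
                self._sleep(self._rng() * min(delay, self._max_delay))
                delay *= 2
                continue
            self._cache, self._expires_at = keys, self._clock() + self._ttl
            self._failures, self._open_until = 0, 0.0  # success closes the breaker
            return keys
        return self._serve_stale("retries exhausted")

    def _serve_stale(self, reason):
        # Degraded mode: keep verifying with the last good key set instead of failing every login.
        if self._cache is not None:
            return self._cache
        raise RuntimeError(f"JWKS unavailable: {reason}")
```

A stale key set still rejects tokens signed by a key rotated in after the outage began, so the fallback should be paired with an alert on how long the cache has been served past its TTL.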
