Details

We're hosting our first meetup of 2026 in collaboration with our friends from DevSecOps London Gathering. We'll be generously hosted at the AutogenAI offices near King's Cross, and we'll feature two talks that should be of interest to both audiences.

6:00pm - Arrival

6:45pm - Introductions

7:00pm - The Talks

Concrete Evidence: Two Races, One RCE - Adrian Tiron

Concrete CMS, a popular open-source content management system, contains a critical flaw in its file upload functionality that can be exploited in two distinct ways. This talk demonstrates how a single upload can lead to a Server-Side Request Forgery (SSRF), allowing access to internal cloud resources, and a double race condition that enables Remote Code Execution (RCE) via a malicious backdoor. We’ll walk through the exploitation process, show how existing protections can be bypassed, and highlight practical steps to secure file upload mechanisms in real-world applications.

Adrian is the Co-Founder and Principal Pentester/Red Teamer at Fortbridge, bringing over 20 years of hands-on experience in cybersecurity. Adrian is known for delivering highly technical, practical content drawn from real-world assessments, and is passionate about pushing the boundaries of modern application security.

Keeping login from taking down your product with an SRE approach to auth – Viola Lykova

Treat authentication as a production-critical system with its own failure modes and operational risks. In this talk, I break down real-world auth incidents involving JWKS rotation errors, refresh token storms, clock drift, and session store outages. I show how to define SLIs and SLOs that measure user impact and how to build monitoring and alerting that expose real reliability problems. I demonstrate practical guardrails such as token caching, exponential backoff with jitter, circuit breakers, and feature-flagged degraded modes. Finally, I walk through an incident runbook that helps teams diagnose, mitigate, and recover from authentication failures safely and quickly.

Viola is a Senior Software Engineer in fintech with an SRE mindset, focused on authentication as a production system. I care about reliability, incident patterns, and the kind of testing that still holds up when traffic spikes, dependencies misbehave, or keys rotate at the worst possible time. Viola speaks on practical auth topics across security and reliability.

Participate in a future Meetup
If you'd like to speak at a future meetup, or if you are able to host or sponsor the event, please fill in this form and we'll get back to you.

Sponsors

Prism Digital

Prism Digital is a London-based DevOps & Cloud recruitment partner.

Adaptavist

Adaptavist excels in Atlassian services, training, and app solutions.
