This talk was recorded at NDC Security in Oslo, Norway. #ndcsecurity  #ndcconferences  #security  #developer   #softwaredeveloper    

Attend the next NDC conference near you: 
https://ndcconferences.com
https://ndc-security.com/

Subscribe to our YouTube channel and learn every day:       @NDC 

Follow our Social Media!

https://www.facebook.com/ndcconferences
https://twitter.com/NDC_Conferences
https://www.instagram.com/ndc_conferences

#ai #machinelearning #applicationsecurity #architecture #bugbounty #cloudsecurity #design #devops 

Join in a fun talk about how I accidentally did a time based attack on a big Nordic pet shop. I will touch on the events leading up to the finding, the vulnerability, the disclosure process and the end result.
This will be a non technical talk where you will leave with a fun story, knowledge on an actual vulnerability and how being patient helps.

NDC Conferences

A lighthearted conference talk from NDC Security 2026 where a developer discovers a potential race condition vulnerability in a pet shop's coupon system. By purchasing dog food online and in-store simultaneously, both transactions registered as the free seventh item. The speaker walks through their responsible disclosure attempt (including the lack of a security.txt file and no response from the vendor), and ultimately reflects on the importance of threat modeling, security.txt files, and having proper processes for handling vulnerability reports.

One shop's timing issue is another mans free dogfood - Even Tillerli - NDC Security 2026