Deepsec - Circumventing common Pitfalls when auditing sourcecode for Security vulnerabilities



This video is part of the Infosec Video Collection at SecurityTube.net: http://www.securitytube.net

Aljosha Judmaier & David White, SEC Consult

There comes the time where a true security expert has to look at some source code. Everybody knows that "real men" use vi, find, grep, and hair-raising Perl and shell scripts to analyze complex software projects. However, at some point, it makes sense to trade in stone knives and bearskins for tools that are more modern. While security tools continue to become more sophisticated and capable, the pain of security source code audits doesn't seem to decrease.

This presentation describes the technologies behind advanced static and dynamic vulnerability analysis tools. New algorithms that precisely model the behavior of so-called "sanitization" routines help static analysis tools reduce both false positive and false negative results. A novel approach to finding logical errors using a dynamic and static analysis tool recognizes the assumptions made during development and tries to find a code flow path that invalidates them. Live demonstrations will show that these new approaches are no longer purely theoretical.

In practice, even the best tools won't make security problems go away. The risks of the traditional rush to market are becoming increasingly apparent, and regulators and standardization organizations are beginning to put pressure on companies to fix problems before they arise. Auditors need to put results in context and communicate with their colleagues, developers, and management in a timely and efficient manner in order to implement pro-active security. We conclude with a discussion of new ways to ensure that bugs get fixed before it's too late.

Security Consultant for SEC Consult and Lead Developer for the SECoverer code analysis framework



Channel: Education
Uploaded: August 9, 2012 at 6:58 am
Author: SecurityTubeCons

Length: 40:52
Rating: N/A
Views: 76
