[Owasp-denver] CFP for SNOWFROC / RSVP for January's OWASP Meeting!
steve.kosten at owasp.org
Mon Jan 16 16:52:22 UTC 2017
We will be hosting our SNOWFROC conference on March 16th and are looking
for a few more great speakers. Please visit snowfroc.com for more
information and submit your presentation ideas!
Also, we will be hosting our January meeting at Dave and Busters on
courtesy of Solutions II <http://www.solutions-ii.com/> Enjoy some great
food, drinks and networking. Come network beforehand and after the
presentation (which will start shortly after 6:00).
Please RSVP here <https://www.meetup.com/Denver-OWASP/events/236784336/>
*TOPIC:* Augmenting your SDLC with LangSec
To be useful, software must process inputs. The format of these inputs is
usually described in a standards document---so your programmers just need to
implement the standard's requirements correctly, and your software will be
safe from maliciously crafted messages or documents, right? Wrong. Time and
time again standards have not helped avoid misreadings and
misinterpretations, so that individual implementations had both fuzzable
and exploitable bugs. Moreover, different implementations of the same
standard such as ASN.1 or X.509 have been known to disagree to the extent of
their differences being exploitable.
Are programmers always to blame for these bugs, or is something wrong with
the standards themselves? Our theoretical analysis shows that it's often
the standards' fault. These standards actually set up programmers for
inevitable failure---unless countered by a robust SDLC, which we will cover
in case studies of implementing popular and complex ICS/SCADA protocols
such as DNP3.
Following the theory-based call-to-action, the talk will transition to
methods to enhance organizations' SDLC with LangSec-supported practices.
Actionable techniques, tools, and methods will be provided to integrate
LangSec findings into the software your organizations develop to reduce the
defect rate and improve security. Also highlighted will be major
development organizations that have developed coding best-practices that
are well-aligned with LangSec, thus showing the empirical benefits to these
changes to the SDLC.
*PRESENTER:* Jacob Torrey
Jacob Torrey is an Advising Research Engineer at Assured Information
Security, Inc. where he leads the Computer Architectures group and acts as
the site lead for the Colorado branch. Jacob has worked extensively with
low-level x86 and MCU architectures, having written a BIOS, OS, hypervisor
and SMM handler. His major interest is how to (mis)use an existing
architecture to implement a capability currently beyond the limitations of
the architecture. In addition to his research, Jacob volunteers his time
organizing conferences in Denver (RMISC & BSidesDenver) and regular
meet-ups across the front range. Twitter: @JacobTorrey
OWASP Denver Chapter Leader