
(online) Uncovering Security Risks in C++ Apps with API Interception

Hosted By
strager and 2 others

Details

This is the online version of this event. RSVP for this event if you cannot attend in person, but will be viewing online. Do not RSVP to both the in-person and the online event.

-----

Uncovering Hidden Security Risks in C++ Applications with LD_PRELOAD and API Interception

Security is becoming an increasingly important aspect of quality. Quality is no longer just functionality and performance testing; it must include security testing as well. Programs written in C++ (or other languages) can carry security risks that go unnoticed because (a) static code scanning can't detect them, (b) the engineers testing the app, such as QA teams, do not have access to the code, or (c) they are vulnerabilities in third-party dependencies whose code isn't scanned. Analyzing running processes by injecting an LD_PRELOAD library and using API interception to observe filesystem, networking, memory and other calls can help reveal a ton of insecure behaviors. These behaviors range from processes reaching out to unwanted parts of the network, communicating over UDP, or telnet/ssh'ing to unexpected locations, to writing to unwanted parts of the filesystem, and more.
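The interception approach described above, as an added example that is not from the talk or from Deepfactor: an LD_PRELOAD library that wraps `connect()` and logs destinations matching an assumed policy (UDP sockets, telnet/ssh ports, addresses outside private IPv4 ranges). The names `classify_dest`, `libwatch.so`, `watch.c` and the risk flags are hypothetical.

```c
/* Build: gcc -shared -fPIC -o libwatch.so watch.c -ldl
 * Run:   LD_PRELOAD=./libwatch.so ./app   (file names are hypothetical) */
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <dlfcn.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>

#ifndef RTLD_NEXT /* hidden if a header was included before _GNU_SOURCE */
#define RTLD_NEXT ((void *)-1L)
#endif

enum { RISK_UDP = 1, RISK_REMOTE_SHELL = 2, RISK_EXTERNAL = 4 };
/* Assumed policy: flag UDP, telnet/ssh ports, and non-private IPv4 peers. */
int classify_dest(const struct sockaddr *sa, int socktype)
{
    if (sa == NULL || sa->sa_family != AF_INET)
        return 0; /* this example inspects IPv4 only */
    const struct sockaddr_in *in = (const struct sockaddr_in *)sa;
    uint32_t ip = ntohl(in->sin_addr.s_addr);
    uint16_t port = ntohs(in->sin_port);
    int internal = (ip >> 24) == 10 || (ip >> 24) == 127 ||
                   (ip >> 20) == 0xAC1 || (ip >> 16) == 0xC0A8;
    return (socktype == SOCK_DGRAM ? RISK_UDP : 0) |
           (port == 22 || port == 23 ? RISK_REMOTE_SHELL : 0) |
           (internal ? 0 : RISK_EXTERNAL);
}

/* Interposed connect(): log flagged destinations, then call the real libc one. */
int connect(int fd, const struct sockaddr *sa, socklen_t len)
{
    static int (*real_connect)(int, const struct sockaddr *, socklen_t);
    if (!real_connect)
        real_connect = (int (*)(int, const struct sockaddr *, socklen_t))
            dlsym(RTLD_NEXT, "connect");
    if (!real_connect) { errno = ENOSYS; return -1; }
    int type = 0;
    socklen_t tlen = sizeof type;
    getsockopt(fd, SOL_SOCKET, SO_TYPE, &type, &tlen);
    int risk = classify_dest(sa, type);
    if (risk) { /* nonzero implies sa is a valid AF_INET address */
        char ip[INET_ADDRSTRLEN] = "?";
        inet_ntop(AF_INET, &((const struct sockaddr_in *)sa)->sin_addr, ip, sizeof ip);
        fprintf(stderr, "[intercept] connect %s:%d risk=0x%x\n", ip,
                ntohs(((const struct sockaddr_in *)sa)->sin_port), risk);
    }
    return real_connect(fd, sa, len);
}
```

Only `connect()` is wrapped here; datagrams sent with `sendto()` on an unconnected socket are not seen, and statically linked binaries do not load LD_PRELOAD libraries at all.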

About the Speaker:
In this presentation, Kiran Kamity, founder & CEO of Deepfactor, will walk through a demonstration showing 80 types of insecure behaviors that can be hidden in applications and that can be uncovered using runtime analysis.

------

19:00 - 20:00 - Program Presentation

Cpp Bay Area: C++ Programming In and Around Silicon Valley