Proposals

Software Security Testing

Talk
lpc2009-0020

Excerpt

The objective of this talk is to define common guidelines for security testing on Linux, sharing our concern about software security and the importance of software security testing as part of the development process.

Description

Organizations must take special care to identify and correct software security vulnerabilities. Finding and fixing vulnerabilities earlier in the development cycle reduces patch-management and incident-response costs and mitigates software risk and the exploits that would otherwise follow.

In this talk we will discuss the difference between software correctness/safety and software security, the difference between functional and risk-based security testing, white-box versus black-box testing, the role of the Software Security Tester, and the tools used in the process.

We will focus on fuzz testing, discussing fuzzer implementations, their advantages and limitations, and fuzzing initiatives such as “The Month of Kernel Bugs” and “The Month of Browser Bugs”.
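To make the advantages and limitations of fuzzing concrete, the following is an added example and not material from the talk or the speaker: a minimal mutation-based fuzzer run against a constructed record parser. The parser, its record format, and both planted bugs are invented for this illustration. Bug 1 (a trusted length field) is found quickly by blind mutation; bug 2 sits behind a 16-bit checksum that random mutation almost never preserves, which is exactly the limitation that motivates coverage-guided and format-aware fuzzers.

```python
import random
import traceback

# Constructed target for the demonstration (not real software): a parser for
# "type(1) length(1) payload(length)" records with two planted bugs.
def parse_records(data: bytes) -> list:
    records = []
    pos = 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated header")          # intended rejection
        rtype, length = data[pos], data[pos + 1]
        payload = data[pos + 2:pos + 2 + length]          # slicing silently truncates
        # Bug 1 (planted): 'length' is trusted, so this terminator check reads
        # past the buffer when the record claims more bytes than remain.
        if length and data[pos + 2 + length - 1] == 0x00:
            raise ValueError("payload must not end in NUL")
        if rtype == 2 and len(payload) >= 3:
            body, check = payload[:-2], payload[-2:]
            if (sum(body) & 0xFFFF) == int.from_bytes(check, "big"):
                table = bytearray(16)
                # Bug 2 (planted): unchecked index, but only reachable with a
                # correct 16-bit checksum, which blind mutation rarely preserves.
                table[body[0]] = 1
        records.append((rtype, payload))
        pos += 2 + length
    return records


BOUNDARY = (0x00, 0x01, 0x7F, 0x80, 0xFF)   # values that tend to expose off-by-one and sign bugs


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one to three random mutations: bit flip, boundary byte, insert, delete."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, 3)):
        op = rng.randrange(4)
        if op == 0 and buf:
            buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
        elif op == 1 and buf:
            buf[rng.randrange(len(buf))] = rng.choice(BOUNDARY)
        elif op == 2:
            buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
        elif buf:
            del buf[rng.randrange(len(buf))]
    return bytes(buf)


def reproduces(target, case: bytes) -> bool:
    """Triage helper: True if 'case' still triggers an unexpected exception."""
    try:
        target(case)
    except ValueError:
        return False
    except Exception:
        return True
    return False


def fuzz(target, seed: bytes, iterations: int, rng_seed: int = 1) -> dict:
    """Mutation fuzzer: returns {crash bucket: first reproducing input}.
    Buckets are keyed by exception type plus the raising function and line,
    a cheap stand-in for the stack-hash bucketing real fuzzers use."""
    rng = random.Random(rng_seed)   # fixed seed makes a run reproducible
    crashes = {}
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            target(case)
        except ValueError:
            continue        # explicit rejection of bad input is correct behaviour
        except Exception as exc:
            frame = traceback.extract_tb(exc.__traceback__)[-1]
            crashes.setdefault(f"{type(exc).__name__}@{frame.name}:{frame.lineno}", case)
    return crashes


SEED = b"\x01\x03abc" + b"\x02\x04\x01\x02\x00\x03"   # constructed valid input

if __name__ == "__main__":
    for bucket, case in fuzz(parse_records, SEED, 2000).items():
        print(bucket, case.hex())
```

Run it and the length bug (bug 1) appears within a few hundred iterations as an IndexError bucket with its reproducing input; the checksum-gated bug (bug 2) is usually absent from the output. Making the target a real binary instead of a Python function means replacing the try/except with a subprocess call and treating a SIGSEGV or SIGABRT exit as the crash signal.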

Tags

security, vulnerability, advisory, exploit, shellcode, payload, assembly, vulnerability research, exploit development, source code auditing, reverse engineering, fuzz, fuzzer, fuzzing

Speaker

  • Biography

    Ramon is a Software Engineer at IBM, Linux Technology Center, São Paulo, Brazil and Founder/Security Researcher at RISE Security (a non-profit organization founded in 2004 by three Brazilian security researchers). He has extensive experience in vulnerability research, exploitation techniques, exploit development and reverse engineering on a wide range of operating systems and architectures. He also contributes to open source projects such as The Metasploit Framework.
