Software Security Testing
Excerpt
The objective of this talk is to define common guidelines for security testing on Linux, sharing our concern about software security and the importance of software security testing as part of the development process.
Description
Organizations must take special care to identify and correct software security vulnerabilities. Identifying and correcting software vulnerabilities earlier in the development cycle reduces patch management and incident response costs and mitigates possible software risks and potential exploits.
In this talk we will be discussing the difference between software correctness/safety and software security, the difference between functional and risk-based security testing, white-box and black-box testing, the role of the Software Security Tester and the tools used in the process.
We will be focusing on fuzz testing, discussing fuzzer implementations, their advantages and limitations, and fuzzing initiatives like “The Month of Kernel Bugs” and “The Month of Browser Bugs”.
The objective is to define common guidelines for security testing on Linux, sharing our concern about software security and the importance of software security testing as part of the development process.
Tags
security, vulnerability, advisory, exploit, shellcode, payload, assembly, vulnerability research, exploit development, source code auditing, reverse engineering, fuzz, fuzzer, fuzzing
Speaker
- Website: http://www.ibm.com/
Biography
Ramon is a Software Engineer at IBM, Linux Technology Center, São Paulo, Brazil and Founder/Security Researcher at RISE Security (a non-profit organization founded in 2004 by three Brazilian security researchers). He has extensive experience in vulnerability research, exploitation techniques, exploit development, and reverse engineering on a wide range of operating systems and architectures. He also contributes to open source projects like The Metasploit Framework.