Speaker
Description
Regardless of where it is hosted, a codebase could end up in the hands of malicious actors. Aside from the open source scenario, attackers may utilize sophisticated techniques to access and download it. An example is Okta's 2022 breach, in which the source code of the identity and access management platform was obtained from GitHub.
Developers are advised to adopt a shift-left approach, uncovering as many code flaws as possible before releasing it to the public.
"The Open Source Fortress" will provide a framework for detecting vulnerabilities in codebases with open-source tools. The examples imply the discovery of vulnerabilities in a custom, purposefully vulnerable codebase written in C and Python. Static techniques such as symbolic execution, secret scanning, code querying, and dependency scanning will be discussed, as will dynamic techniques such as fuzzing.
Session author's bio
Andrei spent 2022 as a technical leader for a start-up that specialises in automating cybersecurity solutions, as well as being a security engineer in the Romanian Army. After determining that the start-up idea was unviable, he left the public sector and accepted a position at Canonical, working to secure Ubuntu and its open-source components.
Subsequently, he relocated to Switzerland and joined Snap Inc., where he helps make Snapchat a safer platform for our users, free from spam and abuse.
Andrei's current focus is on software security. He has recently contributed to the open-source space and provided advice to start-ups on cybersecurity matters.
Social Media | https://x.com/iosifache and https://infosec.exchange/@iosifache |
---|---|
In Person Attendance | Remote |
Level of Difficulty | Intermediate |
Agree to Privacy Policy and Notice | I agree |
Please confirm that there are included headshots of all speakers in their profiles | Yes |