Presented at
The Fifth HOPE (2004),
July 9, 2004, 11 a.m.
(60 minutes).
Automated binary analysis techniques have become sufficiently advanced so that having the source to software is no longer a prerequisite for finding security flaws. The binary is equivalent to the source. And a patch is equivalent to a detailed description of a security flaw. This talk will cover the implications of the latest binary analysis technology and give an overview of some of the technology available.
Presenters:
-
Chris Wysopal / Weld Pond
as Weld Pond
Weld Pond was one of the L0pht members who testified before the U.S. Senate under his pseudonym (and he wasn't even in the witness protection program). He was on the original L0phtCrack team and also wrote Netcat for Windows. Now he specializes in software security and automated vulnerability discovery tools.
-
Christien Rioux / DilDog
as Dildog
Serving as @stake's Lead Software Architect, DilDog came to @stake as a founder from L0pht Heavy Industries, a renowned security think-tank. While at @stake and L0pht, he developed the best selling Windows password auditing tool LC3, and the AntiSniff product. He is also responsible for numerous security advisories in many applications, operating systems, and environments. He is a recognized authority in the areas of Windows product vulnerability assessment, application optimization, and program analysis. His current responsibilities include design and development of the SmartRisk Analyzer (SRA).
Links:
Similar Presentations: