Lightning Talk - LANGSEC 101: Taking the Theory Mainstream

Presented at AppSec USA 2016, Oct. 13, 2016, 11 a.m. (10 minutes)

LANGSEC has been a promising yet heady topic on the fringes of AppSec for several years, and it's ready for a mainstream debut. Heard about LANGSEC but don't know what it is or whether you should use it? Programming languages are getting more powerful and capable, burdening developers and security professionals alike. LANGSEC attempts to solve vulnerability classes that arise from user input unintentionally changing the expected behavior of an application.

This session provides an easy-to-follow introduction to the LANGSEC philosophy, and is geared towards those with no prior experience building parsers or understanding of formal language theory. Attacks that can be addressed with the effective implementation of LANGSEC include:

- Cross-site scripting (XSS)
- SQL Injection
- Command Injection
- Format String
- Stack Overflow
- Heap Overflow
- File Inclusion

Nobody wants these vulnerabilities in their code. This session will begin by pointing out the flaws and limitations of any application security model that is dependent on traditional techniques that rely on signatures, definitions, pattern-matching, regular expressions or taint analysis. Once solely the obscure domain of compiler geeks, Language Security, a.k.a. LANGSEC, is a completely different approach and has gained increasing momentum as a much more thorough, robust way to implement application security.

Presenters:

  • Kunal Anand - Co-founder and CTO - Prevoty
    Kunal Anand is the co-founder and CTO of Prevoty, a runtime application security platform. Prior to that, he was the Director of Technology at the BBC Worldwide, overseeing engineering and operations across the company's global Digital Entertainment and Gaming initiatives. Kunal also has several years of experience leading security, data and engineering at Gravity, MySpace and NASA's Jet Propulsion Laboratory. His work has been featured in Wired Magazine and Fast Company. He continues to develop the patented security technologies that power Prevoty's core products. Kunal received a B.S. from Babson College.
