Towards a LangSec-aware SDLC

Presented at TROOPERS16 (2016), March 16, 2016, 11:30 a.m. (Unknown duration)

The keynote of TROOPERS'15 by Prof. Sergey Bratus highlighted the findings of language-theoretical security (LangSec) vis-a-vis how many classes of vulnerabilities stem from computational and grammar complexity. This talk is aimed at software developers and project managers who are looking to enhance their SDLC with LangSec-supported practices. Actionable techniques, tools and methods will be provided to integrate LangSec findings into the software your organizations develop to reduce the defect rate and improve security. Also highlighted will be major development organizations that have developed coding best-practices that are well-aligned with LangSec, thus showing the empirical benefits to these changes to the SDLC.

Presenters:

• Jacob Torrey
  Jacob Torrey is an Advising Research Engineer at Assured Information Security, Inc. where he leads the Computer Architectures group and acts as the site lead for the Colorado branch. Jacob has worked extensively with low-level x86 and MCU architectures, having written a BIOS, OS, hypervisor and SMM handler. His major interest is how to (mis)use an existing architecture to implement a capability currently beyond the limitations of the architecture. He can be found posting goofy stuff to his Twitter: @JacobTorrey when not out in the mountains or tending to his critters..

Links:

• https://troopers.de/events/troopers16/605_towards_a_langsec-aware_sdlc/
• https://infocon.org/cons/TROOPERS/TROOPERS 2016/Towards a LangSec Aware SDLC.mp4
• https://troopers.de/media/filer_public/e7/1d/e71dfbe5-c1bd-4bac-978a-6774fc099a83/troopers16_torrey.pptx

Similar Presentations:

• ShmooCon XIII (2017) / LangSec for Penetration Testing: How and Why
• ToorCamp 2018 / Sub-Turing Machines: The End of Unknown Unknowns: How to apply LangSec principles to everything you see
• AppSec USA 2016 / Lightning Talk - LANGSEC 101: Taking the Theory Mainstream