
Security Instrumentation - The Future of Software Security

Offered By: LASCON via YouTube

Tags

Application Security Courses, DevSecOps Courses, Intrusion Detection Courses, Software Composition Analysis Courses, Dynamic Binary Instrumentation Courses

Course Description

Overview

Explore the future of software security through this 55-minute LASCON conference talk on security instrumentation. Delve into the challenges of traditional security approaches and discover how instrumentation can revolutionize application protection. Learn about adding security capabilities to compiled applications without code changes, including intrusion detection, automatic SBOM reporting, dynamic software composition analysis, interactive security testing, and runtime protection. Gain insights from the inventor on how instrumentation works, its current applications in thousands of organizations, and its potential future impact. Examine topics such as the software security crisis, weak AppSec outcomes, dynamic binary instrumentation, Java instrumentation API, IAST and RASP technologies, securing application portfolios, enhancing DevSecOps pipelines, and harmonizing development and security efforts. Understand why building security into software development has fallen short and explore this powerful alternative for creating more secure and dynamic applications.

Syllabus

Intro
SOFTWARE SECURITY CRISIS
TOOL SOUP
COST TO ASSESS ONE APPLICATION
RIDICULOUSLY WEAK APPSEC OUTCOMES
PUSHING SECURITY THROUGH DEVELOPMENT DOESN'T WORK
HOW CAN WE GET "SECURITY AS CODE" DEPLOYED?
TYPICAL PENETRATION TESTING
TESTING WITH AN AGENT ON THE INSIDE!
MY FIRST SECURITY INSTRUMENTATION
DYNAMIC BINARY INSTRUMENTATION!
JAVA INSTRUMENTATION API
SECURITY INSTRUMENTATION TODAY
HOW IAST AND RASP WORK
SECURING AN ENTIRE APPLICATION PORTFOLIO IN PARALLEL
A DEVSECOPS-ENHANCED PIPELINE
CONTEXT YIELDS BETTER COVERAGE AND ACCURACY
WHAT'S NEXT FOR SECURITY INSTRUMENTATION?
HARMONIZING DEVELOPMENT AND SECURITY
CONTRAST COMMUNITY EDITION


Taught by

LASCON
