Software Security Analysis - Present and Future Research Initiatives

Explore the current landscape and future directions of software security analysis in this 49-minute conference talk from the Hack In The Box Security Conference. Delve into the ongoing challenges posed by memory corruption bugs in applications written in unsafe languages like C and C++. Examine the arms race between attackers and defenders, and learn why weakening the assumption of attacker control is crucial for staying ahead in software security. Discover the importance of automated security testing techniques for early bug detection and the need for strong, practical attack mitigation strategies. Investigate the potential of automatically generating exploits to proactively assess and strengthen system security. Cover key topics including program comprehension, vulnerability analysis and detection, attack mitigation, automatic exploit generation, and automated healing. Gain insights from Dr. Sanjay Rawat, Lead Security Researcher at the Digital Security Research Centre, as he shares his expertise in fuzzing, vulnerability research, and security program analysis.

Intro
About the Talk
Take Away
Vulnerability Research
Attack Mitigation techniques
Self-Healing (automated patching)
Program comprehension from its security properties standpoint
Program Analysis for complex (large) applications
Program analysis...
Exploit Mitigations
Automatic Exploit Generation (AEG)
Things to solve for patching
Hybrid approaches to vulnerability discovery