YoVDO

Scare - Static Code Analysis Recognition Evasion

Offered By: Hack In The Box Security Conference via YouTube

Tags

Hack In The Box Security Conference Courses Software Development Courses Cybersecurity Courses Static Code Analysis Courses Security Vulnerabilities Courses

Course Description

Overview

Explore the limitations of static code analysis (SCA) tools in detecting intentionally concealed security vulnerabilities during this conference talk from the Hack In The Box Security Conference. Delve into various techniques malicious actors can use to evade SCA algorithms, including covert data flow, deep call stacks, circular calls, source mining, data hubs, and taint laundering. Gain insights from experienced SAP security researcher Andreas Wiegenstein as he demonstrates how reliance on SCA tools for custom code security scanning may be insufficient. Examine proof-of-concept code snippets that showcase these evasion methods, and understand the general weaknesses of SCA tools without focusing on specific vendors. Learn why companies should not solely depend on automated analysis and how intentionally placed bugs can bypass detection, potentially compromising software security.

Syllabus

#HITBGSEC D1: Scare: Static Code Analysis Recognition Evasion - Andreas Wiegenstein


Taught by

Hack In The Box Security Conference

Related Courses

Browser Hacking With ANGLE
Hack In The Box Security Conference via YouTube
Can A Fuzzer Match A Human
Hack In The Box Security Conference via YouTube
Biometrics System Hacking in the Age of the Smart Vehicle
Hack In The Box Security Conference via YouTube
ICEFALL - Revisiting A Decade Of OT Insecure-By-Design Practices
Hack In The Box Security Conference via YouTube
Fuzzing the MCU of Connected Vehicles for Security and Safety
Hack In The Box Security Conference via YouTube