Verifying Software for Security Bugs - Dynamic Analysis and Fuzzing Testing
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore dynamic analysis and fuzzing testing techniques in this 50-minute OWASP Foundation talk on software security verification. Learn about current verification technologies for identifying security mitigation gaps and vulnerabilities in software implementations. Discover how to implement comprehensive testing batteries to ensure product safety before release, aligning with Application Assurance processes. Get introduced to BinSecSweeper, an open-source, cross-platform tool for security binary analysis of PE and ELF file formats. Gain insights into compliance with Application Assurance best practices and identifying insecure applications in networks. Essential viewing for software developers and AppSec professionals seeking to enhance their security verification processes.
Syllabus
Intro
TALK OBJECTIVES
AGENDA
SECURE DEVELOPMENT: VERIFICATION
OPENSAMM
MICROSOFT SDL
IT'S ABOUT SAVING MONEY!
OTHER VERIFICATION TOOLS
1. BINSCOPE
1. CURRENT VERIFICATION TOOLS
1. BINARY INTELLIGENCE
WHY BINSECSWEEPER?
FEATURES
BINSECSWEEPER IN ACTION (I)
CURRENT WINDOWS CHECKS
CURRENT LINUX CHECKS
2. PLUGIN EXAMPLE: TEST PLUGIN
2. PLUGIN EXAMPLE: WINDOWS ASLR
2. PLUGIN EXAMPLE: LINUX FORTIFY_SOURCE
2. REPORTING
2. BINSECSWEEPER: WHAT'S NEXT
2. BINSECSWEEPER: WHERE?
TIME FOR SOME ACTION
CASE STUDY I: VERIFY YOUR OWN SOFTWARE
POSTURE, AMCE INC
CASE STUDY III: BROWSER SECURITY COMPARISON
VERIFYING SOFTWARE SECURITY POSTURE MATTERS!
BINSECSWEEPER: CALL TO ARMS
REFERENCES
Q&A
Taught by
OWASP Foundation