Play all

whoami

What is this talk about?

More than what meets the Eye

Code Insecurity (INSECURE Framework)

N - Non-repudiation non-existent

E - Errors & Exceptions Mis-/Un-handled

C-Cryptographically Weak Code

U - Unsafe / Unused Functions in Code Banned Ansecure Ale Unknown APIs and Interfaces Vestigial Functions (Crl+C. Ctrl+X, Ctrl+V)

E - Elevated in Privileges

Defense against Injection

Defense against Non-repudiation

Defense against Spoofing

Defense against Errors & Exception Mis-/Un-handling Laconic error messages

Defense against Cryptographically Weak Code

Defense against Unsafe / Unused Functions

Defenses against Reversible Code

Defenses against Elevated Privileges Check authorization before allowing privileged operations Non-admin accounts used for code execution

Conclusion

Description:

Explore a comprehensive conference talk on code security and insecurity, delving into the INSECURE framework. Learn about non-repudiation, error handling, cryptographic weaknesses, unsafe functions, and privilege elevation in code. Discover defensive strategies against various security threats, including injection attacks, spoofing, and reversible code. Gain insights into best practices for secure coding, such as implementing proper authorization checks and using non-admin accounts for code execution. Enhance your understanding of code security principles and practical defense mechanisms to improve your software development practices.

Code Insecurity or Code in Security - Mano Paul

Add to list

#Conference Talks #Information Security (InfoSec) #Cybersecurity #Application Security #Secure Coding Practices

0:00 / 0:00