Play all

Intro

Welcome!

Venue Floorplan

Keynote speakers

Keynote introduction

About me

Overview

How do I find bugs?

Factors in Choosing an Application

Distribution of Applications

Difficulty of Exploitation

Security of Software

Methods of Vulnerability Analysis

Weaknesses of Static Analysis

Failures of Static Analysis

Dynamic Analysis, aka "Fuzzing"

Failures of Dynamic Analysis

What do I do? Given enough time...

Advantages

Case study

Instrument webkit

Run the test suite

Fuzzing PCRE

A small auth server

Getting Control

A "Good" Crash

The Corresponding HTML

Getting PC

Shellcode

An iOS 5.0 code signing bug

Running unsigned code

Apple review process

The Daily Hoff

Instastock

Conclusions

Description:

Explore a keynote address from AppSecEU 2016 in Rome, delivered by Charlie Miller, focusing on the impact of bugs on software security. Delve into various methods of vulnerability analysis, including static and dynamic approaches, and their respective weaknesses. Learn about factors influencing application selection for security testing, distribution of applications, and the challenges of exploitation. Gain insights from real-world case studies, including instrumenting WebKit, fuzzing PCRE, and discovering an iOS code signing bug. Understand the importance of thorough testing and the potential consequences of overlooked vulnerabilities in software development and security.

Bugs Ruin Everything - Keynote on Vulnerability Analysis and Exploitation

OWASP Foundation

Add to list

#Information Security (InfoSec) #Cybersecurity #Software Security #Vulnerability Analysis #Programming #Software Development #Software Testing #Dynamic Analysis #Static Analysis #Mobile Development #iOS Development #iOS Security #Fuzzing

0:00 / 0:00