HITBSECCONF2012 - MALAYSIA

THERE WILL ONLY BE A MAXIMUM OF 1010 SEATS SOLD - BE SURE TO REGISTER EARLY!!!

For up to the minute updates on HITB2012KUL, please follow our @hitbsecconf Twitter stream or join our Facebook Group

CHRIS WYSOPAL (CTO/Co-Founder, Veracode)

PRESENTATION TITLE: Data Mining a Mountain of Vulnerabilities

PRESENTATION ABSTRACT:

Every day, software developers around the world, from Bangalore to Silicon Valley, churn out millions of lines of insecure code. We used static binary analysis on thousands of applications submitted to us by large enterprises, commercial software vendors, open source projects, and software outsourcers, to create an anonymized vulnerability data set. By mining this data we can answer some interesting questions.

There are significant differences in the quantity and types of vulnerabilities in software due to differences in where the software was developed, the type of software it is, in what language it was developed, and for what type of business the software was developed for. Which industries have the most secure and least secure code? What types of mistakes do developers make most often? Which languages and platforms have the apps with the most vulnerabilities? Should you be most worried of internally built apps, open source, commercial software, or outsourcers? How do latent vulnerabilities relate to those most often exploited. These questions and many more will be answered as we tunnel through vulnerability mountain.

ABOUT CHRIS WYSOPAL

Chris Wysopal (AKA Weld Pond), Veracode’s CTO and Co-Founder, is responsible for the company’s software security analysis capabilities. In 2008 he was named one of InfoWorld’s Top 25 CTO’s and one of the 100 most influential people in IT by eWeek. In 2010 he was named a SANS Security Thought Leader.

One of the original vulnerability researchers and a member of L0pht Heavy Industries, he has testified on Capitol Hill in the US on the subjects of government computer security and how vulnerabilities are discovered in software.

Chris was one of the first vulnerability researchers for web applications and Windows, publishing advisories in Lotus Domino, Cold Fusion, and Windows back in the mid 1990′s. Around the same time he also co-authored L0phtCrack, which he still sells today, and ported netcat to Windows.

He graduated from Rensselaer Polytechnic Institute with a BS in Computer & Systems Engineering and is the author of “The Art of Software Security Testing” published by Addison-Wesley.

EVENT ORGANIZER

SUPPORTED AND ENDORSED BY

GOLD SPONSORS

SILVER SPONSOR

HACKWEEKDAY SPONSOR

TITANIUM SPONSOR (POST CONFERENCE RECEPTION + SPEAKER RECEPTION)

ALCO_PWN SPONSOR (POST CONFERENCE RECEPTION)

CTF SPONSOR

CTF PRIZE SPONSOR

CTF MANAGED BY

VIDEO RECORDING SPONSOR

NETWORK EQUIPMENT SPONSOR

INTERNET CONNECTIVITY SPONSOR

ADDITIONAL SUPPORT BY

SUPPORTING MEDIA

FRIENDS OF HITB

Copyright © 2012 Hack In The Box | http://www.hackinthebox.org

PRESENTATION TITLE: Data Mining a Mountain of Vulnerabilities

PRESENTATION ABSTRACT:

ABOUT CHRIS WYSOPAL

One of the original vulnerability researchers and a member of L0pht Heavy Industries, he has testified on Capitol Hill in the US on the subjects of government computer security and how vulnerabilities are discovered in software.

Chris was one of the first vulnerability researchers for web applications and Windows, publishing advisories in Lotus Domino, Cold Fusion, and Windows back in the mid 1990′s. Around the same time he also co-authored L0phtCrack, which he still sells today, and ported netcat to Windows.

He graduated from Rensselaer Polytechnic Institute with a BS in Computer & Systems Engineering and is the author of “The Art of Software Security Testing” published by Addison-Wesley.