[ :: mainpage :: register :: conference :: training :: venue map :: agenda :: press/media ]
[ :: capture the flag (CTF) :: zone-h hacking challenge :: open-hack :: forum :: sponsors ]
[ :: contact :: past conferences :: open source security project showcase ]

Conference presentation materials have been released.
You can download them from Packet Storm

Nish Bhalla

Filed under: Conference Speakers — Administrator @ 8:21 pm

April 21, 2005

Presentation Title: Analyzing Code for Security Defects
Presentation Details: The objective of the talk is understanding how to review large code bases for security defect. It can be used as methodology to identify security problems when reviewing code. The overall focus will be on the finding security vulnerabilities and the implementation of countermeasures however, the same techniques can also be implemented to help develop secure development practices.

Reviewing code to find vulnerabilities is becoming more and more common. Reviewing code is not only useful from a developers point of view but also from an attacker’s point of view. The talk will cover basics of threat analysis, how to assess threats and what are some of the vulnerabilities that could exists in code when performing code reviews for large code bases.

About Nish:

Nishchal Bhalla is a specialist in product testing, code reviews, web application testing, host and network reviews.

He has coauthored “Buffer Overflow Attacks: Detect, Exploit & Prevent”and is a contributing author for “Windows XP Professional Security” and “HackNotes: Network Security”. Nish has also been involved in the open source projects such as OWASP and YASSP. He has also written articles for securityfocus.com and also spoken at web seminars for Global Knowledge and University of Florida.

Prior to joining Security Compass, Nish was a Principal Consultant at Foundstone, where he performed numerous security reviews for major software companies, online banking and trading web sites, and e-commerce sites. He also helped develop and teach the “Secure Coding” class, the Ultimate Hacking, Ultimate Web Hacking and Ultimate Hacking Expert classes. Prior to working at Foundstone, Nish provided engineering and security consulting services as an independent consultant to a variety of organizations including Sun Microsystems, Lucent Technologies, TD Waterhouse & The Axa Group.

Nish holds his Masters in Parallel Processing from Sheffield University, is a post graduate in Finance from Strathclyde University and a Bachelor in Commerce from Bangalore University.

Comments are closed.


Event Organizer


Hack In The Box (M) Sdn. Bhd.

Supported & Endorsed By


Malaysian Communications and Multimedia Commission (MCMC)


Malaysian Administrative Modernisation & Management Planning Unit

Main Sponsor


Microsoft Corporation

Official Airline Partner


Malaysia Airlines

Open-Hack Sponsor


VIA Technologies Inc.

CTF Sponsor


Scan Associates

CTF Prize Sponsor


Defenxis

Media Partners:


The Virus Bulletin Conference takes place at The Burlington, Dublin, Ireland, 5 to 7 October 2005. Register here.

Phrack Magazine


Our Speakers Are Supported By:


Bellua Asia Pacific


F-Secure Corporation


Supporting Organizations


HERT


Chaos Computer Club (Germany)


X-Focus China


Zone-H Defacement Mirror


Xatrix Security


SyScan05


Special Interest Group in Security & Information InteGrity Singapore

Copyright 2005 Hack In The Box (M) Sdn. Bhd.