filmov
tv
CppCon 2015: Gwendolyn Hunt “Secure C++ Programming”
![preview_player](https://i.ytimg.com/vi/Z_jhNuoczfw/maxresdefault.jpg)
Показать описание
—
—
Security vulnerabilities are fundamentally defects in our code. We know many of these defects stem from string processing, buffer overflows and integer underflow and overflows. These defects become security vulnerabilities when an attacker can crash an application, cause undefined behavior that leads to a Denial of Service, privilege escalation or hidden installation of rogue software.
So how do we build more secure C++ software? It starts by gaining an understanding of the basics of security vulnerabilities and how to identify them using the rich set of tools we now have available. With this foundation we can build a development culture where security considerations are pervasive and treated as important as program and algorithm correctness.
This session begins with a survey of common C/C++ string, integer and STL container issues and mitigations for these vulnerabilities. Follows with two detailed examples of vulnerabilities and how to fix their problems. Finishes with a survey of tools and references we have available today.
—
Gwendolyn Hunt has been in the trenches programming C++ for 20-years. Starting with card swipe systems with EDS, asynchronous messaging client server systems with IBM and high resolution surveillance systems for a bleeding edge startup, Gwendolyn has had the opportunity to build a wide-variety of production and commercial software applications. The last four years she has been the development lead for new generation security applications for Tripwire, Inc. When she is not cranking code, Gwendolyn finds telemark skiing and riding technical singletrack to calm the mind.
—
*-----*
*-----*
—
Security vulnerabilities are fundamentally defects in our code. We know many of these defects stem from string processing, buffer overflows and integer underflow and overflows. These defects become security vulnerabilities when an attacker can crash an application, cause undefined behavior that leads to a Denial of Service, privilege escalation or hidden installation of rogue software.
So how do we build more secure C++ software? It starts by gaining an understanding of the basics of security vulnerabilities and how to identify them using the rich set of tools we now have available. With this foundation we can build a development culture where security considerations are pervasive and treated as important as program and algorithm correctness.
This session begins with a survey of common C/C++ string, integer and STL container issues and mitigations for these vulnerabilities. Follows with two detailed examples of vulnerabilities and how to fix their problems. Finishes with a survey of tools and references we have available today.
—
Gwendolyn Hunt has been in the trenches programming C++ for 20-years. Starting with card swipe systems with EDS, asynchronous messaging client server systems with IBM and high resolution surveillance systems for a bleeding edge startup, Gwendolyn has had the opportunity to build a wide-variety of production and commercial software applications. The last four years she has been the development lead for new generation security applications for Tripwire, Inc. When she is not cranking code, Gwendolyn finds telemark skiing and riding technical singletrack to calm the mind.
—
*-----*
*-----*
Комментарии