Paul Böhm: Taming Bugs: The Art and Science of Writing Secure Code
Black Hat Briefings, Las Vegas 2006 [Audio] Presentations from the security conference
English - June 04, 2006 23:10 - 1 hour - 15.3 KB
If you give a thousand programmers the same task and the same tools, chances are a lot of the resulting programs will break on the same input. Writing secure code isn't just about avoiding bugs. Programming is as much about People as it is about Code and Techniques. This talk will look deeper, beyond the common bug classes, and provide explanations for why programmers are prone to making certain mistakes. New strategies for taming common bug sources will be presented. Among these are TypedStrings for dealing with Injection Bugs (XSS, SQL, ...), and Path Normalization to deal with Path Traversal.