DeepSec 2010: Circumventing common Pitfalls when auditing sourcecode for security vulnerabilities

Speakers: Aljosha Judmaier | David White

 

This presentation describes the technologies behind advanced static and dynamic vulnerability analysis tools.

A novel approach to finding logical errors, using a dynamic and static analysis tool, recognizes the assumptions made during development and tries to find a code flow path that invalidates them.

Live demonstrations will show that these new approaches are no longer purely theoretical. In practice, even the best tools won’t make security problems go away. We conclude with a discussion of new ways to ensure that bugs get fixed before it’s too late.

Main category: Disclosure & vulnerability

Subcategory: Vulnerability
