Be the first to like this
Arshan Dabirsiaghi, Contrast Security
Matt Austin, Contrast Security
Nothing in the security industry has moved the needle like Data Execution Prevention and it's sister protections like ASLR.
The availability of secure APIs, the training of developers around the world, and the efforts of security practitioners all produced practically nothing compared to the practical gains produced by DEP, ASLR and other "automatic" protections provided by the tool chain and OS itself.
Where is the equivalent in the Application Layer? Can we use these same techniques and approaches to stop SQL Injection and Deserialization attacks? Can we give developers a "secure stack by default" for any application?
In this talk we'll show you the promising results of our research into this space using binary instrumentation, including the release of free tools that developers can use to protect their applications today from several bug classes, instantly, and without any code changes.