Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...JPCERT Coordination Center
Recently we’ve seen many vulnerabilities related to improper certificate validation. Those vulnerabilities come from developers’ ignorance or misunderstanding of basic knowledge of certificate validation or insufficient testing of validation code. This presentation starts with the basics of the certificate validation process, surveys several vulnerabilities in the real world, and concludes with lessons learned from real-world vulnerabilities.
This is presented on JavaOne2015.
Survey and Analysis of ICS Vulnerabilities (Japanese)Digital Bond
Masaki Kubo of JPCERT provides some statistical analysis of the ICS vulnerabilities. He also looks at the coding errors that caused the vulnerabilities and takes an indepth look at recent Yokogawa vulnerabilities.