LASCON 2017 has ended
Friday, October 27 • 3:00pm - 4:00pm
Security Evaluation of Libraries


The target audience for this talk is security engineers, software development engineers, software development managers, technical program managers and anyone who uses libraries as part of the software development process. Attendees will walk away with a methodology for reviewing libraries and for scaling the secure usage of libraries through secure-by-default implementation.

Software services are built on top of service frameworks such as .NET, Java web services, Apache Axis, etc. These frameworks consist of a set of libraries and other components such as support programs, compilers and tool sets. Applications interact with libraries through well-defined API calls, either during the build (static) or at run-time (dynamic). Generally speaking, Application Security programs implement an application-centric review process. They do not cover the criteria for security evaluations of libraries. The attack surface, threats and data flow for a library are different from those of an application. This talk discusses the primary differences between applications and libraries and provides a mechanism for evaluating libraries. Specifically, it covers how to scope the assessment of a library and special considerations during the architecture review and threat modeling phases. The main goal of the evaluation is to validate that the security controls offered by the library are implemented securely and correctly. By evaluating libraries, we make sure that all the fundamental building blocks of the development framework are secure. By offering developers guidance on secure-by-default configurations, we can strengthen the secure software development process.


Speakers

Trupti Shiralkar

Sr Security Technical Program Manager
Trupti Shiralkar is a Senior Security Technical Program Manager at the world’s most disruptive tech company. She manages the Cryptography and Application Security Program to build the Next-generation security-by-default foundational technology Platform. Trupti has a strong...



Friday October 27, 2017 3:00pm - 4:00pm
Under Armour Room
