How Better Software Testing Can Prevent the Next Heartbleed presented at BSidesRaleigh 2014

by Jonathan Knudsen

Summary: Heartbleed presents a challenge: how can a catastrophic bug in a widely used software library go unnoticed for two years? This presentation explores how better software testing can expose bugs like Heartbleed.
We’ll begin with a detailed description of the Heartbleed vulnerability and the story of how it was discovered. Then we’ll move on to examine the different types of software testing that are currently available and how these techniques can be used in a secure development life cycle. These include static analysis, dynamic approaches such as fuzzing, and a variety of instrumentation for runtime verification.
Attendees interested in creating robust and secure software will come away with a comprehensive understanding of the techniques that can be used to find and fix bugs before product release.