Taming Bugs: The Art And Science Of Writing Secure Code presented at HITBSecConf Malaysia 2006

by Paul Boehm,

Tags: Security Cryptography

Summary : Presentation Title:Presentation Details:Writing secure code isn’t just about avoiding bugs. If you give a thousand programmers the same task and the same tools, chances are a lot of the resulting programs will break on the same input. Programming is as much about People, as it is about Code and Techniques. This talk will look deeper, beyond the common bug classes, and provide explanations for why programmers are prone to making certain mistakes. New strategies for taming common bug sources will be presented. Among these are TypedStrings for dealing with Injection Bugs (XSS, SQL, etc), and Path Normalization to deal with Path Traversal.About PaulPaul Boehm was a founding member of TESO Security in 1998, and has spent a lot of time breaking code. In 2003 he has worked on quantum cryptography at the University of Vienna where he has developed and implemented an improved efficiency qc protocol. His current interest is in Vulnerabilty Defense and Secure Software. He works as a Security Consultant for SEC Consult.