Several government-related and private organizations provide guidance on how to improve the security of existing software as well as best practices for developing new code. These organizations include the Computer Emergency Readiness Team (CERT) Secure Coding Standards, Common Weakness Enumeration (CWE), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Software Assurance Metrics. Fernando’s talk will expose multiple underlying exploitable vulnerabilities in the secure code that follows the recommendations from each of these organizations. Even though these guidelines were created to improve software security, they may also inject side vulnerabilities due to a lack of proper analysis. Within secure code snippets, reviewed by many and considered trustworthy by all, are issues that attackers could exploit to escape secure directories, abuse insecure hashing and encryption practices, or even expose applications
We welcome the Computer Emergency Response Team Austria as a support of DeepSec 2016! CERT.at is the primary contact point for IT-security in a national context. CERT.at will coordinate other CERTs operating in the area of critical infrastructure or communication infrastructure. When it comes to incident response, the coordination of any information regarding the event is crucial. CERT.at fulfils this role since 2008. In addition CERT.at is actively involved in security research. Minibis is a tool for automatically building an automated malware analysis station based on a concept introduced in the paper “Mass Malware Analysis: A Do-It-Yourself Kit”. Have a chat with them during the conference. They will host demonstrations and let you see their software tools in action. Of course, in case you ever have to handle incidents you should talk to them
Handling incidents means that you have to handle information quickly. Collecting, collaboration, and getting the right piece of intel in crucial moments is the key. CERTs know this, and this is why there is IntelMQ. IntelMQ is a solution for collecting and processing security feeds, pastebins, and tweets using a message queue protocol. It’s a community driven initiative called IHAP (Incident Handling Automation Project) which was conceptually designed by European CERTs during several InfoSec events. Its main goal is to give incident responders an easy way to collect & process threat intelligence, thus improving the incident handling processes of CERTs. Get your messaging right before you run into a (security) incident.
2011 is already in full swing. That’s why we have an announcement for you. The 23rd annual FIRST Conference will take place in Vienna, Austria. We strongly recommend to participate. IT security never sleeps, and neither should you – at least when it comes to getting new ideas and get into touch with others. We will be there, so it would be great to meet you. Make sure you drop us a line, so we know you are around. If you have material for a lightning talk, there’s still time to get a slot. You just have to contact the conference office by e-mail. The address can be found on the conference program web site.