Artwork

תוכן מסופק על ידי Black Hat and Jeff Moss. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Black Hat and Jeff Moss או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
Player FM - אפליקציית פודקאסט
התחל במצב לא מקוון עם האפליקציה Player FM !

Dominique Brezinski: A Paranoid Perspective of an Interpreted Language (English)

1:16:22
 
שתפו
 

Manage episode 153983869 series 1109073
תוכן מסופק על ידי Black Hat and Jeff Moss. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Black Hat and Jeff Moss או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
"Interpreted, dynamically-typed, and object-oriented languages like Ruby and Python are very good for many programming task in my opinion. Such languages have many benefits from rapid, easy development to increased security against memory allocation and manipulation related vulnerabilities. However, choice of programming language alone does not guarantee the resulting software written in the language will be free of security vulnerabilities, which is an obvious point, but the sources of the potential vulnerabilities may not be obvious at all. Ruby is an elegant and powerful language that supports concepts like reflection and meta-programming. As more developers use the powerful features, more layers of the language implementation get exposed. In the presentation, I will review several vulnerabilities found in Ruby and its standard libraries, some publicly disclosed and others reported privately to the core Ruby developers. The focus of the vulnerability review is to highlight the different levels of the language implementation that need to be audited to identify vulnerabilities for a given application based on the complexity of the language features used. Though Ruby is the example language used in the presentation, the concepts extend to most interpreted languages commonly used today. Dominique Brezinski, resident technologist at Black Hat, has spent the last few years thinking about and implementing advanced intrusion detection and response at the operating system level. His background in security spans the last decade and includes extensive experience in protocol and software vulnerability analysis, penetration testing, software research and development, and operations/incident response in large-scale computing environments. Dominique's former employers include Amazon.com, Decru, In-Q-Tel, Secure Computing Corporation, Internet Security Systems, CyberSafe, and Microsoft."
  continue reading

14 פרקים

Artwork
iconשתפו
 
Manage episode 153983869 series 1109073
תוכן מסופק על ידי Black Hat and Jeff Moss. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Black Hat and Jeff Moss או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
"Interpreted, dynamically-typed, and object-oriented languages like Ruby and Python are very good for many programming task in my opinion. Such languages have many benefits from rapid, easy development to increased security against memory allocation and manipulation related vulnerabilities. However, choice of programming language alone does not guarantee the resulting software written in the language will be free of security vulnerabilities, which is an obvious point, but the sources of the potential vulnerabilities may not be obvious at all. Ruby is an elegant and powerful language that supports concepts like reflection and meta-programming. As more developers use the powerful features, more layers of the language implementation get exposed. In the presentation, I will review several vulnerabilities found in Ruby and its standard libraries, some publicly disclosed and others reported privately to the core Ruby developers. The focus of the vulnerability review is to highlight the different levels of the language implementation that need to be audited to identify vulnerabilities for a given application based on the complexity of the language features used. Though Ruby is the example language used in the presentation, the concepts extend to most interpreted languages commonly used today. Dominique Brezinski, resident technologist at Black Hat, has spent the last few years thinking about and implementing advanced intrusion detection and response at the operating system level. His background in security spans the last decade and includes extensive experience in protocol and software vulnerability analysis, penetration testing, software research and development, and operations/incident response in large-scale computing environments. Dominique's former employers include Amazon.com, Decru, In-Q-Tel, Secure Computing Corporation, Internet Security Systems, CyberSafe, and Microsoft."
  continue reading

14 פרקים

כל הפרקים

×
 
Loading …

ברוכים הבאים אל Player FM!

Player FM סורק את האינטרנט עבור פודקאסטים באיכות גבוהה בשבילכם כדי שתהנו מהם כרגע. זה יישום הפודקאסט הטוב ביותר והוא עובד על אנדרואיד, iPhone ואינטרנט. הירשמו לסנכרון מנויים במכשירים שונים.

 

מדריך עזר מהיר