The dark side of software engineering and how to defend against it
Cassio Goldschmidt - Symantec
Feb 04, 2009
Abstract
If you create an application that runs on one or more computers
connected to a network such as the internet, your code will be attacked.
Consequences of compromised systems often include loss of trust,
reputation and revenue. Software will always have defects and
vulnerabilities. Strikes against digital assets are unquestionably on
the rise. We can, however, make it substantially harder to find and
exploit vulnerabilities by identifying insecure coding practices and
developing secure alternatives.
During this practical session, we'll examine in detail the principles
behind some of the worst attack patterns seen today in the software
industry. Most importantly, we'll learn effective defensive programming
techniques every developer must employ when building software.
About the Speaker
Cassio Goldschmidt is senior manager of the product security team under
the Office of the CTO at Symantec Corporation. In this role he leads
efforts across the company to ensure the secure development of software
products. His responsibilities include managing Symantec's internal
secure software development process, training, threat modeling and
penetration testing. Cassio's background includes over 12 years of
technical and managerial experience in the software industry. During
the six years he has been with Symantec, he has helped to architect,
design and develop several top-selling product releases, conducted
numerous security classes, and coordinated various penetration tests.
Cassio represents Symantec on the SAFECode technical committee and
(ISC)2 in the development of the CSSLP certification. He holds a
bachelor's degree in computer science from Pontificia Universidade
Catolica do Rio Grande Do Sul, a master's degree in software engineering
from Santa Clara University, and a master of business administration
from the University of Southern California.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos is the property of Purdue University, the presenter and/or the presenter’s organization, and is protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website is the exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.