
Dr. Gary McGraw

Gary McGraw is the CTO of Cigital, Inc., a software security and quality consulting firm with headquarters in the Washington, D.C. area.

He is a globally recognized authority on software security and the author of six best-selling books on this topic. The latest, Exploiting Online Games: Cheating Massively Distributed Systems, was released in 2007. His other titles include Securing Java: Getting Down to Business with Mobile Code, Building Secure Software: How to Avoid Security Problems the Right Way, Exploiting Software: How to Break Code, and Software Security: Building Security In; and he is editor of the Addison-Wesley Software Security series.

Dr. McGraw has also written over 90 peer-reviewed scientific publications, authors a monthly security column for informIT, and is frequently quoted in the press.

Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Fortify Software and Raven White.

His dual PhD is in Cognitive Science and Computer Science from Indiana University, where he serves on the Dean's Advisory Council for the School of Informatics. Gary is an IEEE Computer Society Board of Governors member and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine.


Description

Exploiting Software: How to Break Code

Learning objectives

You will learn

  • Why software exploit will continue to be a serious problem
  • When network security mechanisms fail
  • How attack patterns can be used to build better software
  • Why reverse engineering is an essential skill
  • Why rootkits are the apex of software exploit, and how they work
  • Why the only answer is building better software

Overview

Software vulnerability and software exploit are the root cause of a majority of computer security problems. But how does software break? How do attackers make software break on purpose? What tools can be used to break software? This talk is about making software beg for mercy.

Some may argue that discussing software exploit in public is a bad idea. In fact, it's impossible to protect yourself if you don't know what you're up against. Come find out for yourself.

Partners:

Solvay Brussels School of Economics and Management, Katholieke Universiteit Leuven

Affiliated organizations:

ISSA, OWASP

Contents of the secappdev.org website are licensed under a Creative Commons Attribution-NonCommercial 3.0 License.