Modern Software & Hardware Analysis Techniques in Cybersecurity

October 8, 2025, 10:00 am to 11:00 am

Virtual event

Finding security vulnerabilities in applications needs to scale in speed and accuracy as AI-driven software development increases and introduces uncertainty about the quality of future software. The ability to customize security scanning to the context of applications is becoming increasingly important as software complexity grows.

In this talk, we will discuss some modern techniques used to analyze software and hardware to fix security issues before they can even manifest when vulnerable software runs. Attendees will journey from an overview of core information security principles to the development of custom security tools using open-source technologies. We will cover how static and dynamic analysis of software, networks and data becomes the core of modern open-source and commercial information security tools. We will then review some common software flaws in web applications and discuss best practices for writing code that avoids these flaws.

To illustrate such security issues, we will take two real-world examples: an XSS vulnerability in eBay (2017) and a vulnerability in a consumer-grade D-Link router (2023). We will demonstrate how we can find such issues early using static analysis tools and frameworks like Joern [http://joern.io].

Our goal is to help researchers and engineers look at the software they build and run on critical systems through a security lens, enabling them to rectify issues early and build a proactive security posture as they build the backbone of modern technological solutions in Canada. Adjacent to this, we also aim to show security practitioners some tools and techniques to build and scale their own sovereign software security tooling.

This presentation is facilitated by Suchakra Sharma. Suchakra is the Chief Scientific Officer at Whirly Labs, where he leads the Security and Privacy Research and Education team. He brings over 10 years of experience in the security and privacy industry, having worked with large enterprise clients and government organizations with a special focus on software analysis tools. He holds a Ph.D. in Computer Engineering from Polytechnique Montréal, where he worked on hardware-assisted tracing for operating systems analysis. He invented the first hardware trace-based virtual machine analysis technique using specialized instructions in Intel chipsets. He has delivered talks, trainings, and lectures on software analysis and cybersecurity at major venues such as RSA, Black Hat, Carnegie Mellon University, USENIX LISA, USENIX Enigma, CPDP, the UN Internet Governance Forum, and NorthSec. He is also a regular contributor to IEEE, serving as a reviewer for leading research journals and conferences.

This event is organized by the Digital Research Alliance of Canada.


