Better Software Conference & EXPO 2004: The Seven Habits of Highly Insecure Software
Over the past few years Herbert Thompson and his cohorts have scoured bug databases for the most malevolent and destructive security bugs ever to infest a released binary. Through that search they found that common characteristics and habits emerged-creating temporary files with secure data, trusting that system calls will succeed, foolishly relying on insecure third party components, and many others. In this session, he offers a startling and even scary accounting of the top seven habits of insecure software. Take away a red-teaming strategy that has broken some of the world's most secure software under testing contracts with Microsoft, IBM, the US DoD, and many others. Use this approach to make your software more secure, and you can sleep better at night.
- The differences between security defects and other common errors
- An intimate understanding of security faults as seen by hackers
- A strategy for security testing applications before deployment