Top 4 'Security Development Lifecycle' Talks From Black Hat Conference 2018 (USA)

Our editorial team has handpicked some great talks from the Black Hat Conference, one of the largest IT security conferences in the world.

Black Hat - built by and for the global InfoSec community - returns to Las Vegas for its 21st year, providing attendees with the very latest in research, development and trends. This six-day event begins with four days of intense technical training for security practitioners of all levels (August 4-7), followed by the two-day main conference featuring Briefings, Business Hall, Arsenal, and more (August 8-9).

(Source: Black Hat Conference USA 2018)

1) Threat Modeling in 2018: Attacks, Impacts and Other Updates

Speaker: Adam Shostack

Attacks always get better, and that means your threat modeling needs to evolve. This talk looks at what's new and important in threat modeling, organizes it into a simple conceptual framework, and makes it actionable. This includes new properties of systems being attacked, new attack techniques (like biometrics confused by LEDs) and a growing importance of threats to and/or through social media platforms and features. Take home ways to ensure your security engineering and threat modeling practices are up-to-date.


2) Stop that Release, There's a Vulnerability!

Speaker: Christine Gadsby

This presentation looks at the real-world process of the BlackBerry Product Security team. In partnership with product owners, developers, and senior leaders, they've spent many years developing and refining a software defect tracking system and a risk-based release evaluation process that provides an effective software 'security gate.' Working with readily available tools and longer-term solutions including automation, we will provide solutions attendees can take away and implement immediately.

• Tips on how to document, prioritize, tag, and track security vulnerabilities, their fixes, and how to prioritize them into release targets.
• Features of common tools [JIRA, Bugzilla, and Excel] you may not know of and examples of simple automation you can use to verify ticket resolution.
• A guide to building a release review process, when to escalate to gate a release, who to inform, and how to communicate.



3) AI & ML in Cyber Security - Why Algorithms are Dangerous

Speaker: Raffael Marty

In this talk, we will show the limitations of machine learning, outline the issues of explainability, and show where deep learning should never be applied. We will show examples of how the blind application of algorithms (including deep learning) actually leads to wrong results. Algorithms are dangerous. We need to revert back to experts and invest in systems that learn from, and absorb the knowledge of, experts.


4) Follow the White Rabbit: Simplifying Fuzz Testing Using FuzzExMa...

Speakers: Bhargava Shastry, Dominik Maier, Vincent Ulitzsch

This talk shows how FExM permits automated distributed fuzzing of applications; crash exploitability classification; and is equipped with a web front end for navigating security issues in a convenient way. Our work automatically retrofits fuzzing into the security development lifecycle.

