1

Bad software is eating the world.

Mark Felegyhazi

CrySyS Lab / avatao

2

“Software is eating the world”

3

Challenges of the software economy

need skilled people

to build secure software

4

Internet of Things

5

6

Barnaby Jack pacemaker hack

7

Barnaby Jack pacemaker hack

1.  Bedside transmitters sold with pacemakers (9-15m) 2.  Ping to discover model and serial number of

transmitter 3.  Reprogram transmitter firmware 4.  Reprogram the pacemaker remotely 5.  Transmitters have access to remote servers 6.  Upload specific firmware to remote servers and

cause mass killing

8

Self-driving cars

9

CrySyS car hacking

PC running WinCC PLC management software

PLC controlling the uranium centrifuges

uranium centrifuges

PC running a vehicle diagnostic software

ECU controlling some function of the vehicle

vehicle

10

Critical infrastructure

11

11

12

Websites are the key target

13

Apps are no better

14

What can happen? – Advanced attack

15

What can happen? – Weak suppliers

16

What can happen? – OpenSSL Heartbleed

17

How to write secure code?

18

Secure software development

hackers live here

19

cost

time

cost of security bugs

design development testing production

1x 5x

15x

60x

20

cost

time

cost of security bugs

design development testing production

1x 5x

15x

60x

21

Code reuse

22

Debugging (for security)

23

Rubber-duck debugging

24

Code review

25

Pair programming

26

Automated code testing

27

Use reliable crypto protocols

28

Need people to write secure code

29

Businesses need IT people

30

No bad developers, please

31

Security is missing from education

32

security @ universities?

33

Practice labs are very costly

costly to build practice labs (infrastructure AND content)

34

it must be fun

35

Need practical, fun learning!

36

avatao High-quality, up-to-date

IT security exercises

37

Security tool tutorials

38

Hacking events (created in 5 mins)

39

Security for developers

40

Join our community to build secure software!

http://platform.avatao.com/defcamp2016

(open until Sunday, Nov 13)

Mark Felegyhazi w: http://avatao.com e: contact@avatao.com

41

Security tools and fun adventures

Hands-on IT security challenges

Hands-on exams proving true skills

Expert community

Cost-effective training

Cloud-based virtual platform

KNOWLEDGE YOU NEED