Let's be honest: year in, year out, we keep finding the same bugs in the same places, and wondering: Why don't they learn? Why don't developers use these beautiful tools we provide them -- parameterized queries, XSRF tokens, X.509 certificates, and escapes in all their glorious forms? I will tell you: it is because these tools are not very good. And they are not very good because their quality simply has not mattered. Security demands, devs implement, and if devs don't implement, security complains. And six months later, it's the same bugs, in the same places, by the same devs. It doesn't have to be this way. In this talk, I will discuss the theory that most classes of security flaws are actually symptoms of deeper causes. Furthermore, I will present attempts at addressing these causes. Specific areas of investigation will include potential answers to three questions: 1) Why can't we keep code and data separate? 2) Why can't we log into web sites? 3) Why can't we authenticate across organizational boundaries? By answers, I mean code, and by code, I mean a lot of code. I will not provide any assurances that the code is secure -- only extended peer review can do that -- but I want to show another way of doing things. This talk is going to be packed with live demos.
IOActive

Dan Kaminsky is the Director of Penetration Testing at IOActive, where he specializes in design-level fault analysis, particularly against massive-scale network applications. Previously of Cisco and Avaya, Kaminsky has operated professionally in the security space for over ten years. He is well known for his "Black Ops" series of talks at the well-respected Black Hat Briefings. He regularly collects detailed data on the health of the worldwide Internet, and has used this data to detect the worldwide proliferation of a major rootkit. Recently, he discovered a major flaw in the Internet's DNS infrastructure and worked with security engineers around the world, protecting countless organizations and individuals against this threat.