From the Ground Up
Steven van der Baan at AppSec USA 2014
This project started by a challenge given to me at Appsec EU conference in Hamburg as I said that it should be possible to do dynamic source-sink analysis in basic Java applications. My challengers then told me: "Prove it". It took a while, but fairly soon I had a simple setup in which I demonstrated simple Log manipulation on the commandline and that it was detectable. This project is the continuation of that proof and is aimed at developers to help them detect security vulnerabilities using live source-sink analysis. It is dependent on the code coverage and not aimed to be used in a production environment.
Speaker
Steven van der Baan
Security Consultant, 7Safe
Steven van der Baan is a Principle Consultant at 7Safe, an information security organisation based in Melbourn, UK. Steven van der Baan is a passionate Security Consultant and Software Architect, with a broad history in software development and architecture. Steven has a varied background in developing complex systems, mainly in Java. He has the capability to analyse problems and provide sound advise on possible solutions.
Speaker
Steven van der Baan
Security Consultant, 7Safe
Steven van der Baan is a Principle Consultant at 7Safe, an information security organisation based in Melbourn, UK. Steven van der Baan is a passionate Security Consultant and Software Architect, with a broad history in software development and architecture. Steven has a varied background in developing complex systems, mainly in Java. He has the capability to analyse problems and provide sound advise on possible solutions.