ShiftLeft to present at No Hat 2021 conference




SANTA CLARA, Calif.--(BUSINESS WIRE)--ShiftLeft, Inc., an innovator in automated application security testing, today announced that its Chief Scientist, Fabian Yamaguchi, and Security Research Engineer, Claudiu-Vlad Ursache, will give a presentation focused on Ghidra2cpg at the No Hat conference in Bergamo, Italy on November 20, 2021. No Hat 2021 is a security conference organized to bring together specialists, professionals and amateurs operating in the field of computer security and confidentiality.

Event details:

Who: Fabian Yamaguchi, Chief Scientist and Claudiu-Vlad Ursache, Security Research Engineer, ShiftLeft

What: Virtual session: Presentation on Ghidra2cpg: From graph requests to vulnerabilities in binary code

When: Saturday, November 20, 2021, 11:15 a.m. – 12:00 p.m. CET

Where: Centro Congressi Giovanni XXIII – Bergamo, Italy

For more information visit: https://www.nohat.it/program

Summary of the session – Ghidra2cpg: From graph requests to vulnerabilities in binary code

Finding bugs in source code is hard enough, but when all you have is a binary, the importance of tooling becomes undeniable. Disassemblers like IDA Pro, Ghidra, BinaryNinja, or Radare2 provide a solid foundation for an investigation, but they are primarily designed to assist with what remains a manual investigation. This leaves room for partial automation that makes the discovery process less painful.

Fabian and Claudiu set out to design a binary code search tool that would let them uncover instances of programming patterns related to vulnerabilities, at scale and for several major instruction sets. In this talk, they will present ghidra2cpg, an extension for the open source code analysis platform Joern that allows it to process binary code. Together, Joern and ghidra2cpg allow you to quickly discover the attack surface, search for variants of known vulnerabilities, and collect information interactively using a query language.

In this session, they will show how to write queries for the system that describe bugs in source code and introduce the corresponding queries for binary code, highlighting what is more difficult and what is easier to describe when looking directly at the machine code. They’ll also be looking at the firmware on modern consumer-grade routers and might give up a day or two in the process.

About Fabian Yamaguchi

Fabian is Chief Scientist at ShiftLeft Inc and Extraordinary Associate Professor at Stellenbosch University. He has over 15 years of experience in the security industry, where he worked as a security consultant and researcher, focusing on manual and automated vulnerability discovery. Throughout his work he has identified previously unknown vulnerabilities in popular system components and applications such as the Microsoft Windows kernel, the Linux kernel, the Squid proxy server and the VLC media player. He has presented his findings and techniques both at major industry conferences such as BlackHat USA, DefCon, First and CCC, and at renowned academic security conferences such as ACSAC, Security and Privacy, and CCS. He holds a master’s degree in computer engineering from the Technical University of Berlin, as well as a doctorate in computer science from the University of Goettingen.

About Claudiu-Vlad Ursache

Claudiu-Vlad Ursache is a Security Research Engineer at ShiftLeft, having recently entered cybersecurity after a decade of writing software. In his daily work he creates static analysis tools and his current research is focused on IoT firmware.

About ShiftLeft

ShiftLeft enables software developers and application security teams to dramatically reduce the attack on their applications by providing near-instantaneous security feedback on software code with every pull request. By analyzing application context and near real-time data flows with unmatched precision, ShiftLeft enables developers and the Appsec team to find and remediate the most serious vulnerabilities faster. Using its patented graphical analysis that combines code attributes and analyzes actual attack paths based on actual application architecture, ShiftLeft’s platform searches for context and attack paths typical of modern applications, through APIs, OSSs, internal microservices, and first-party business logic code, then provides detailed guidance on remedying risks in existing development tools and workflows. ShiftLeft CORE, a unified code security platform, combines the company’s flagship NextGen Static Analysis (NG SAST), Intelligent Software Composition Analysis (SCA) and contextual security training through ShiftLeft Educate to provide developers and application security teams with the fastest, most accurate, and most relevant and easy-to-use automated application security and code analysis platform solutions.

Backed by Bain Capital Ventures, Mayfield, Thomvest Ventures and SineWave Ventures, ShiftLeft is based in Santa Clara, California. To learn how ShiftLeft keeps AppSec in sync with the fast pace of DevOps, see https://www.shiftleft.io/.

PR:

Corinna Krueger

ShiftLeft

[email protected]

Source: ShiftLeft, Inc.
