Nullcon Berlin 2023 | SCCI: The Road To Side-Channel Regression Testing In CI Development by Witold
Abstract:
---------------
Side-channel attacks are easily mistaken for being highly implementation-specific and thus unsuitable as tests. I'll show that, given some thought and engineering, side-channel regression testing is not only viable but also integrates quite well with a standard continuous integration development process.
I'll present a case study with live side-channel regression testing using GitHub actions CI. Countermeasures and regression tests will be implemented for sample attacks, preventing the vulnerabilities from being re-introduced into the code.
#sidechannelattack #Infosec #NullconBerlin
------------------------------------------------------------------------------------------
Follow nullcon on Facebook: https://www.facebook.com/nullcon
Twitter: https://twitter.com/nullcon
LinkedIn: http://linkedin.com/company/nullcon/
Website: https://nullcon.net
Видео Nullcon Berlin 2023 | SCCI: The Road To Side-Channel Regression Testing In CI Development by Witold канала nullcon
---------------
Side-channel attacks are easily mistaken for being highly implementation-specific and thus unsuitable as tests. I'll show that, given some thought and engineering, side-channel regression testing is not only viable but also integrates quite well with a standard continuous integration development process.
I'll present a case study with live side-channel regression testing using GitHub actions CI. Countermeasures and regression tests will be implemented for sample attacks, preventing the vulnerabilities from being re-introduced into the code.
#sidechannelattack #Infosec #NullconBerlin
------------------------------------------------------------------------------------------
Follow nullcon on Facebook: https://www.facebook.com/nullcon
Twitter: https://twitter.com/nullcon
LinkedIn: http://linkedin.com/company/nullcon/
Website: https://nullcon.net
Видео Nullcon Berlin 2023 | SCCI: The Road To Side-Channel Regression Testing In CI Development by Witold канала nullcon
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
Tech Startups/Businesses and Infonomics | CXO Panel | Nullcon Security Conference March 2021
Nullcon Berlin 2023 | Not So Famous Attack Vectors In The World Of Smart Contract Security!
Saikat Datta at NULLCON | #Nullcon2020 Diary
AI vs. Pandemic by Sneha Banerjee | Winja Talks 2021
CXO Panel | Securing India The CERTIn Way | Nullcon Goa 2022
nullcon Goa 2017 - DevOpSec: Rapid Security In The AWS Cloud by Mikhail Advani and Rajesh Tamhane
Nullcon Goa 2021 is back in Town
Cloud Security Posture Management & Threat Protection | Suman & Sakaldeep | Nullcon Webinars 2022
Nullcon Goa 2023 | Uncovering Azure's Silent Threats: A Journey Into Cloud Vulnerabilities by Nitesh
Bhadra framework: Threat modeling for mobile communication systems by Sid Rao | Nullcon Webinar 2021
nullcon Goa 2014: Flowinspect A Network Inspection Tool by Ankur Tyagi @7h3rAm
nullcon Goa 2015: The NSA Playset RF Retroreflectors by Michael Ossmann
Reversing and De-Obfuscating Malware with Software Emulation | Nullcon Webinar 2022
nullcon Goa 2018 - Talk with Experts
macOS Security Features Bypasses by Example | Jonathan Bar Or (JBO) | Nullcon Webinars 2022
nullcon Goa 2017 - CXO Panel 'Digital Warriors: India And The Future Of Conflict On The Internet'
What is Cyber Threat Intelligence | Rishika Desai | Winja Unplugged
Securing the Human Factor | CXO Panel Discussion | NULLCON Goa 2020
Taking the guess out of Glitching! | Adam Laurie | NULLCON Goa 2020
A Kernel Hacker Meets Fuchsia OS | Alexander Popov | Nullcon Goa 2022
Threat Research & Fortnite Scams | Ben Herzberg | nullcon Interviews