Suppose you need to incorporate crypto into your application. Or you need to write a regex to validate some user input. You might end up on Stack Overflow, where you find a code snippet that you can paste into your application. And even better, it works on the first try! But is the code correct, and is the code secure? In this talk, Jamie and Sazzadur will talk about the potential hazards of copy/pasting crypto and regexes into your software.
Summit
Research on the dangers of copy/pasting code
with Sazzadur Rahaman, Jamie Davis
Tags:
Secure Development
Security Best Practices
Security Research
About Sazzadur Rahaman
Sazzadur Rahaman is a 5th-year PhD student in Computer Science at Virginia Tech. He spent a few years in industry before heading back to school. He studies software correctness and security. Sazzadur focuses on application-level cryptographic vulnerabilities and has caused changes in projects like Apache Spark and Apache Ranger.
About Jamie Davis
Jamie Davis is a 5th-year PhD student in Computer Science at Virginia Tech. He spent a few years in industry before heading back to school. He now studies software correctness and security. Jamie focuses on regular expressions and Node.js. Jamie’s research has led to changes in the core libraries of Python and Node.js.