Videos to Watch
- Julien Vehent - https://j.vehent.org/jve.html
How to Write a Great Research Paper
How to Give a Great Research Talk
Securing DevOps - Youtube channel from Julien Vehent
- DEF CON 2018
Stephen Magill Principal Scientist, Software Analysis
- I serve as the CEO of Galois spin-off MuseDev, a startup focused on
automatically finding and fixing critical bugs. My research interests focus on
static and dynamic program analysis, with a particular emphasis on scalability
and tuning analyses for specific software domains. My recent work focuses on
security, both software security in the traditional sense and related issues
such as privacy. I have also worked on analyses that help programmers build
and deploy software updates in high-availability environments.
Black Hat Asia 2017 Halvar Flake - Why we are not building a defendable Internet
BH USA 2006 - Halvar Flake Need New Tools
DEF CON 2006 - NNew Chhallenges Need Changing Tools
RuhrSec 2018: Keynote: Weird machines, exploitability and unexploitability (Halvar Flake)
Preventing Attacks at Scale [I] - Dino Dai Zovi, Capsule8
- Security hardening for containers, clusters, and operating systems is a very
important part of setting up infrastructure and always “Plan A”. The world of
“Plan A” defends the importance of making sure your cluster is set up securly.
Dino comes from the world of “Plan B” and will focus on detecting when
security boundaries have been breached. This is necessary for environments
where you don’t have ability to ensure base OS is fully patched, etc.
- Step into the world of Linux kernel features such as seccomp, eBPF, kprobes
and Kubernetes tunable security features and learn how to detect and defend
against attacks at scale.
- Dino Dai Zovi is the Co-Founder and CTO at Capsule8.
BH USA 2002 - Professional Source Code Auditing - Mark Dowd, neel Mehta, Halvar Flake
Halvar Flake: Black Hat EU 2003 - Data Flow Analysis
[AthCon 2012] Exploitation and State Machines
44CON 2013 - A talk about (info-sec) talks - Haroon Meer
- Last year there was an Information Security conference taking place for almost
every day of the year. This translates to about 15 information security talks
per day, every day. The question is, is this a bad thing? Even niche areas of
the info-sec landscape have their own dedicated conference these days. Is this
a good thing?
- The conference scene is actually a reasonable proxy for the state of
information security as a discipline.. i.e. theres a lot of activity but with
questionable results (and dodgy metrics).
- This talk aims to change (some of) that.
Dino Dai Zovi - Attacker Math 101
An introduction to Category Theory forSoftware Engineers - seems like an awesome intro
Static Detection of Second-Order Vulnerabilities in Web Applications - Usenix 2014
https://catalog.comby.dev/ - a sample rewrite catalog of code patterns. (academic)
mpage/plt-study - A path to Programming Language Theory enlightenment
- Lots of links to great papers and videos
James Koppel - The Best Refactoring You’ve Never Heard Of
- Really detailed, cool looking talk
A gentle introduction to program analysis
- Great slide deck from an academic, solid intro looks like, 113 slides
Let’s build a compiler - book
Safe and Efficient, Now -statically assure a wide range of safety properties:
- never dereferencing a null pointer or taking the head of an empty list;
- always sanitizing user input;
- using only in-bounds indices to access (dynamically allocated) arrays of the
statically unknown size.
- Also a bunch of articles on types
The Architecture of Open Source Applications
Introducing the FASTEN
project - The core idea behind
FASTEN is really simple: instead of analyzing dependencies at the package level,
we will analyze them at the call graph level! This will allow us to be super
precise when we are tracking dependencies, when we do change impact analysis,
when we recommend clients to update packages etc. It will also open the door to
new sophisticated applications, e.g. licensing compliance, dependency risk
profiling and data-driven API evolution.
Macaroons are Better Than Cookies!
246 Findings From our Smart Contract Audits: An Executive Summary
Microsoft Academic Knowledge Graph - a large RDF data
set with over eight billion triples with information about scientific
publications and related entities, such as authors, institutions, journals, and
fields of study. The data set is based on the Microsoft Academic Graph and
licensed under the Open Data Attributions license. Furthermore, we provide
entity embeddings for all 210M represented scientific papers.
The A-Z of Programming languages - interviews with programming language creators)
Adventures in Prolog
Magritte: A Language for Pipe-BasedProgramming - masters thesis