Organizations are becoming increasingly aware of the importance of secure coding. Secure coding includes software development principles in an effort to minimize the introduction of vulnerabilities within software applications. One of the most common software vulnerabilities is insufficient input validation, which accounts for 50 percent of the most critical vulnerabilities reported to the National Vulnerability Database from 2011 to 2015. Poor input validation is a decades old challenge and to that point, is believed to have caused a glitch within a medical device during the 80s that resulted in patients being over-radiated. Additionally, a failed space launch (including ten years of lost productivity) was also blamed on this same issue and resulted in a $7 billion loss. In this webinar, AIS’s Thomas Dube will showcase an input validation failure by demonstrating a known command injection vulnerability (CVE-2015-5083) within an open-source firewall application. Thomas will then discuss methods of input validation, while demonstrating AIS’s efforts to reduce the likelihood of this critical vulnerability.
CSIAC Webinars - Secure Software Development Considerations
Notice: This podcast video may contain personal or third-party views and opinions not associated with the government.
Please see our terms of use located here: https://www.csiac.org/csiac-terms-of-use/
Please see our terms of use located here: https://www.csiac.org/csiac-terms-of-use/
Download Associated Files:
You must be logged in to download files associated with this video podcast. Click here to login.
Presenter
Dr. Thomas Dube
Dr. Thomas Dube is a Senior Cyber Security Analyst at the Embedded, Commercial and Security Office of Assured Information Security, Inc. He has unique combination of experience in software development, testing and reverse engineering along with a strong background in academia where he served as the curriculum chair for a graduate cyber operations program. During his tenure as curriculum chair, his program was only 1 of 7 programs in the U.S. to have all Center of Academic Excellence designations co-sponsored by the Department of Homeland Security and the National Security Agency.
Before joining AIS, Dr. Dube served as an Assistant Professor of Computer Engineering in the Computer Science and Engineering Division of the Air Force Institute of Technology. In this position he taught graduate courses in operating systems, software assurance, reverse engineering and computer networks. Dr. Dube has published 15 IEEE or equivalent archival journal articles and conference papers. He is a Senior Member of the IEEE and also holds one U.S. patent for malware detection technology. He holds an MS degree in Information Assurance and a PhD degree in Computer Engineering from the Air Force Institute of Technology.
Leave a Comment
You must be logged in to post a comment.