Modern web applications run on top of millions of lines of compiled code. The risk of exploitation in the underlying compiled code sometimes falls off of risk management matrices, in part because it is in different languages than the web applications on top of Apache, MySQL, etc. This webinar will show ways of automatically immunizing popular web framework building blocks from memory corruption risks, which comprise 40% of the CVEs in this codebase.
Shane Fry is the Director of Security Engineering at RunSafe Security, Inc. He has over a decade of experience in cybersecurity, on both the offensive and defensive sides of the house. Shane began his career performing vulnerability assessments on a variety of software platforms, including Unix/Linux-based operating systems, Mac OS X, Android and iOS devices, internet browsers, and cloud computing platforms. His research has spanned all layers of the hardware and software stack, including physical circuit security, secure boot, software update, memory corruption, and web-application vulnerabilities. Shane brings his deep offensive cybersecurity experience to bear when consulting on secure system design, architecture, and implementation for private industry, contractors, and US Government systems. Outside of RunSafe Security, Shane is involved in the local Huntsville, AL startup scene. He has co-taught a course that describes a framework for determining whether an individual should invest the time, effort, and money into a prospective product or service. In collaboration with Intel/McAfee, Shane participated in an automotive technology hacking competition, where he led a team to first place. His contributions at the competition resulted in being an industry collaborator on a public McAfee report regarding Automotive Security Best Practices.