Back To Schedule
Friday, September 19 • 2:00pm - 2:45pm
From the Ground Up

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

This project started by a challenge given to me at Appsec EU conference in Hamburg as I said that it should be possible to do dynamic source-sink analysis in basic Java applications. My challengers then told me: "Prove it". It took a while, but fairly soon I had a simple setup in which I demonstrated simple Log manipulation on the commandline and that it was detectable. This project is the continuation of that proof and is aimed at developers to help them detect security vulnerabilities using live source-sink analysis. It is dependent on the code coverage and not aimed to be used in a production environment.

avatar for Steven van der Baan

Steven van der Baan

Principal Consultant, NCC
Steven is a security consultant with a strong background in software development. He has created and hosted the OWASP Capture the Flag competition at various events.

Friday September 19, 2014 2:00pm - 2:45pm MDT
Colorado Ballroom G-J [Builders] Denver Marriott City Center