
Nick Dunn
Security Consultant and Breaker of Things
Coming from software development and architecture, I spent a few years as a software developer, architect and team lead, working in secure software for the financial sector.
I moved into security consultancy, first as an in-house penetration tester and code reviewer in online gambling, before moving into security consultancy and working on:
Code review
Penetration testing
Threat modelling, architecture review
Automating security testing with new tools, scripts, etc.
09:00 - 11:00
Protik ICT Resource Center Workshops - 21 September
Haven't We Met Before? Using Recent Bug-Fixes to Find New Vulnerabilities.
For a large, robust codebase that has been subjected to regular scanning by commercial and/or open-source scanning tools, there can be difficulties in locating new bugs, particularly in a short time frame.
It's possible to find new vulnerabilities that are missed by traditional code scanning tools by looking at the format and structure of previously identified vulnerable code and using a suitable scanner (Weggli) to find repeated undiscovered instances of similar bugs.
This is particularly suitable for patterns that are spread across multiple lines and those that might be missed by standard scanners.