April 11, 6:30pm
Uncovering Hidden Security Risks in C++ Applications with LD_PRELOAD and API Interception
Security is becoming an increasingly important aspect of quality. Quality is no longer just functionality and performance testing; it must include security testing as well. Programs written in C++ (or other languages) can carry security risks that (a) static code scanning can't detect, (b) engineers such as QA teams testing the app can't look for because they do not have access to the code, or (c) sit in 3rd-party dependencies whose code isn't scanned. Analyzing running processes by injecting an LD_PRELOAD library and using API interception to observe filesystem, networking, memory and other calls can reveal a ton of insecure behaviors. These behaviors range from processes reaching out to unwanted parts of the network, communicating over UDP, or telnet/ssh'ing to unexpected locations, to writing to unwanted parts of the filesystem, and more.
In this presentation, Kiran Kamity, founder & CEO of Deepfactor, will walk through a demonstration showing 80 types of insecure behaviors that can be hidden in applications and can be uncovered using runtime analysis.
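An added example, not code from the talk or from Deepfactor: an LD_PRELOAD shim in C that interposes connect() and logs the network behaviors named above (UDP use, telnet/ssh ports, IPv4 destinations outside loopback and private ranges). The flag names, the policy in classify_dest and the log format are assumptions made for illustration.

```c
#define _GNU_SOURCE          /* exposes RTLD_NEXT; must precede all includes */
#include <arpa/inet.h>
#include <dlfcn.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#ifndef RTLD_NEXT            /* fallback if headers were read before _GNU_SOURCE */
#define RTLD_NEXT ((void *)-1L)
#endif

enum { F_UDP = 1, F_TELNET = 2, F_SSH = 4, F_PUBLIC = 8 };

/* Constructed policy: flag datagram sockets, telnet/ssh ports, and IPv4
 * destinations outside loopback and RFC 1918. ip is in host byte order. */
int classify_dest(int socktype, uint32_t ip, unsigned port)
{
    int flags = (socktype == SOCK_DGRAM) ? F_UDP : 0;
    if (port == 23) flags |= F_TELNET;
    if (port == 22) flags |= F_SSH;
    int internal = (ip >> 24) == 127 || (ip >> 24) == 10 ||
                   (ip >> 20) == 0xAC1 || (ip >> 16) == 0xC0A8;
    return internal ? flags : (flags | F_PUBLIC);
}

/* Same name and signature as libc's connect(), so a preloaded copy is bound
 * first; it logs flagged IPv4 destinations and forwards every call. */
int connect(int fd, const struct sockaddr *addr, socklen_t len)
{
    static int (*real_connect)(int, const struct sockaddr *, socklen_t);
    if (!real_connect)
        real_connect = (int (*)(int, const struct sockaddr *, socklen_t))
                       dlsym(RTLD_NEXT, "connect");
    if (!real_connect) { errno = ENOSYS; return -1; }
    if (addr && addr->sa_family == AF_INET && len >= sizeof(struct sockaddr_in)) {
        const struct sockaddr_in *in = (const struct sockaddr_in *)addr;
        int type = 0;
        socklen_t tlen = sizeof type;
        getsockopt(fd, SOL_SOCKET, SO_TYPE, &type, &tlen);
        int flags = classify_dest(type, ntohl(in->sin_addr.s_addr),
                                  ntohs(in->sin_port));
        char ip[INET_ADDRSTRLEN] = "?";
        inet_ntop(AF_INET, &in->sin_addr, ip, sizeof ip);
        if (flags)
            fprintf(stderr, "[shim] connect %s:%u flags=0x%x\n",
                    ip, (unsigned)ntohs(in->sin_port), flags);
    }
    return real_connect(fd, addr, len);
}
```

Build it with `gcc -shared -fPIC shim.c -o shim.so -ldl` and run the application under test as `LD_PRELOAD=./shim.so ./app` (file and program names are placeholders). Statically linked binaries and code that issues system calls directly do not pass through the dynamic linker's symbol lookup, so this kind of shim will not see their connections.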