Tài liệu Thư viện số
- Crypt Information Security (235 )
- An toàn thông tin (887 )
- Điện tử - Viễn thông (1228 )
- Công nghệ thông tin (3030 )
- Khoa cơ bản (408 )
- Lý luận chính trị (386 )
- Ngoại ngữ (351 )
- GDQP - GDTC (209 )
- Đồ án - Tiểu luận (15 )
- Tài liệu tham khảo khác (565 )
Danh mục TaiLieu.VN
- Mẫu Slide Powerpoint
- Luận Văn - Báo Cáo (344720)
- Kinh Doanh Marketing (65512)
- Kinh Tế - Quản Lý (48934)
- Tài Chính - Ngân Hàng (55898)
- Công Nghệ Thông Tin (142209)
- Tiếng Anh - Ngoại Ngữ (47066)
- Kỹ Thuật - Công Nghệ (134345)
- Khoa Học Tự Nhiên (107174)
- Khoa Học Xã Hội (82451)
- Văn Hoá - Nghệ Thuật (54408)
- Y Tế - Sức Khoẻ (173915)
- Nông - Lâm - Ngư (62504)
- Kỹ Năng Mềm (29016)
- Biểu Mẫu - Văn Bản (27610)
- Giải Trí - Thư Giãn (51994)
- Văn Bản Luật (198854)
- Tài Liệu Phổ Thông (402015)
- Trắc Nghiệm Online (213578)
- Trắc Nghiệm MBTI
- Trắc Nghiệm Holland
Heartbleed
How Codenomicon
Discovered Heartbleed
Solutions For Protecting Your Organization
FINLAND SILICON VALLEY SINGAPORE
1 April 2014, All Rights Reserved. @CodenomiconLTD
. Heartbleed
How Heartbleed Was Discovered
What We All Need To Know
Codenomicon Ltd.
May 2, 2014
2 April 2014, All Rights Reserved. @CodenomiconLTD
. Codenomicon
• Company is a spinoff (2001) from PROTOS research project focused
on intelligent and systematic fuzzing techniques.
• Backed with 18 years of research in this field, the OUSPG team at the
University of Oulu started in 1996
• Codenomicon has grown into the largest commercial vendor
of fuzz testing tools globally.
• Still heavily involved in research and development
. New industry segments: automotive, medical, ICS,
and Electric Sector (SmartGrid)
. New testing techniques/analysis: e.g. Safeguard and AppCheck
3 April 2014, All Rights Reserved. @CodenomiconLTD
. Defensics and Safeguard
• Our Defensics fuzzing tools cover over 260 protocols and
file formats
• Safeguard is a feature we are developing as an extension
to test robustness testing and fuzzing, and will be deployed
to a number of protocol test suites
• Safeguard consists of extensive analysis of system behavior under
fuzztesting to detect weaknesses such as memory dumps and
amplification problems
• It was during testing of Safeguard functionality that we discovered the
Heartbleed flaw
4 April 2014, All Rights Reserved. @CodenomiconLTD
. This is Not Our First Big Discovery
• Among hundreds of cases, several have been multivendor cases
applying to wide range of services/devices:
. Numerous flaws in MIME in 1998
. Numerous flaws in ASN.1/SNMP in 2001/2002
. Apache IPv6URI flaw in 2004
. Numerous flaws in image formats in 2005
. Numerous flaws in XML libraries in 2009
. Several flaws in Linux Kernel IPv4 and SCTP in 2010
. RSA signature verification vulnerability in strongSwan in 2012
5
. Several OpenSSL and GnuTLS vulnerabilities in 2004,
April 2014, All Rights Reserved. @CodenomiconLTD
2008, 2012 and 2014
.
Discovered Heartbleed
Solutions For Protecting Your Organization
FINLAND SILICON VALLEY SINGAPORE
1 April 2014, All Rights Reserved. @CodenomiconLTD
. Heartbleed
How Heartbleed Was Discovered
What We All Need To Know
Codenomicon Ltd.
May 2, 2014
2 April 2014, All Rights Reserved. @CodenomiconLTD
. Codenomicon
• Company is a spinoff (2001) from PROTOS research project focused
on intelligent and systematic fuzzing techniques.
• Backed with 18 years of research in this field, the OUSPG team at the
University of Oulu started in 1996
• Codenomicon has grown into the largest commercial vendor
of fuzz testing tools globally.
• Still heavily involved in research and development
. New industry segments: automotive, medical, ICS,
and Electric Sector (SmartGrid)
. New testing techniques/analysis: e.g. Safeguard and AppCheck
3 April 2014, All Rights Reserved. @CodenomiconLTD
. Defensics and Safeguard
• Our Defensics fuzzing tools cover over 260 protocols and
file formats
• Safeguard is a feature we are developing as an extension
to test robustness testing and fuzzing, and will be deployed
to a number of protocol test suites
• Safeguard consists of extensive analysis of system behavior under
fuzztesting to detect weaknesses such as memory dumps and
amplification problems
• It was during testing of Safeguard functionality that we discovered the
Heartbleed flaw
4 April 2014, All Rights Reserved. @CodenomiconLTD
. This is Not Our First Big Discovery
• Among hundreds of cases, several have been multivendor cases
applying to wide range of services/devices:
. Numerous flaws in MIME in 1998
. Numerous flaws in ASN.1/SNMP in 2001/2002
. Apache IPv6URI flaw in 2004
. Numerous flaws in image formats in 2005
. Numerous flaws in XML libraries in 2009
. Several flaws in Linux Kernel IPv4 and SCTP in 2010
. RSA signature verification vulnerability in strongSwan in 2012
5
. Several OpenSSL and GnuTLS vulnerabilities in 2004,
April 2014, All Rights Reserved. @CodenomiconLTD
2008, 2012 and 2014
.
Từ khóa: heart bleed
19 p AT070167 04/05/2015 568 5
Phát triển bởi Thư viện số
