#05 The Cake

Date:

Nov 15th, 2023

Videos:

Seeing What’s Wrong Just Right

Why everyone in your cyber security team needs to be an AI expert

Location:

OLX Portugal - Praça Duque de Saldanha nº 1 · Lisboa

This meetup was sponsored by OLX and AP2SI.

Agenda:

  • 18h00: The Cake by the OWASP Lisboa chapter leadership team
  • 18h15: Seeing What’s Wrong Just Right by Jasvir Nagra
  • 19h10: Why everyone in your cyber security team needs to be an AI expert by Dinis Cruz
  • 20h00: Food & Drinks sponsored by OLX

Seeing What’s Wrong Just Right

Writing web applications is hard. Debugging them is harder. Security bugs are even harder because not only does an application have to work, it has to stop working when the input is malicious. One approach web developers have taken to managing the complexity of writing large web programs is to make it harder to write incorrect programs. Static type checkers, linters, tests and testing frameworks have all made it easier to write correct code. Nevertheless, incorrect and vulnerable programs still exist. In fact, the very success of these tools in avoiding common errors has meant developers spend increasing amounts of time debugging only subtle bugs.

In distributed systems, the challenge is even harder because debugging tools give you glimpses into the program state—some on the server, some on the client—without giving you a coherent view of the entire system. Not only are web programs inherently distributed between the server and the client, any one web page in the browser is itself made up of different iframes, events and event handlers, and sometimes service workers, all communicating asynchronously.

In this talk, I will share a few painful distributed web app debugging anecdotes and an alternate approach to get a holistic view of a program to track down elusive bugs. This approach uses virtualization to create complete traces of just those aspects of the program we suspect are buggy without having to model all program state. Virtualization allows us to momentarily ignore incidental bugs discovered while hunting the core one without them getting in the way, and visualization of the collected traces lets us build up causal diagrams to inform our intuition when our mental models deviate from reality. I will demonstrate how to recognize and tackle debugging problems with this approach and cover pitfalls you may run into with virtualization.

Jasvir Nagra

Jasvir Nagra is widely recognized as a thought leader in software protection. He is co-author of Surreptitious Software, the definitive textbook on software protection, and an early researcher in obfuscation, software watermarking, and fingerprinting. With more than 12 years of experience, his professional path includes companies such as Instart, Dropbox and Google - where he led the Caja project. As an advisor to Jscrambler, he is helping cybersecurity startups address key technological challenges.



Why everyone in your cyber security team needs to be an AI expert

Similar to how electricity revolutionised our lives and is now ubiquitous, Gen AI is poised to become an integral part of everything Cyber Security teams do every day. Therefore, there is an increasing need to deepen our understanding and expertise in this transformative technology. It’s time to embrace the opportunities AI presents and equip ourselves with the knowledge to thrive in this rapidly evolving landscape.

Dinis Cruz

Dinis Cruz is the Chief Scientist of Glasswall and the CISO of Holland & Barrett. He brings a unique blend of Security and Engineering expertise, with 20+ years of experience in Cyber Security and Software Development. Dinis is focused on creating Gen AI powered teams and environments where engineering and security are enablers and accelerators for the business, with a big focus on the productisation and commercialisation of advanced technologies.



Pictures from the meetup

Large black letters spelling "OLX" on the wooden floor and a hanging circular logo in a modern office lobby with glass walls overlooking the city.


A projection screen displaying the "OWASP Lisboa Meetups #05 The Cake" title slide with the date November 15th and the OLX sponsor logo.


A speaker presenting a slide titled "Seeing What's Wrong Just Right" featuring a peacock feather, while an organizer manages the laptop nearby.


A speaker presenting a slide titled "Web Application: Perception" showing the Jscrambler homepage, standing at a high table.


A speaker holding a microphone stands in front of a presentation slide about security teams, smiling and addressing the audience.


A speaker pointing at a complex diagram on a slide discussing "Wardley Mapping" and "Gen AI / LLMs" as impressive technologies.


A speaker gesturing towards a slide showing a "Starry Night" image extension generated by AI, discussing a "GenAI Paradigm Shift."


An organizer speaking into a microphone next to a slide titled "The Road To Global AppSec Lisbon 2024," outlining upcoming meetups.


A lavish catering spread on long white tables featuring colorful mini-burgers, pastries, desserts, and fruit in a spacious break area.


A buffet table loaded with savory snacks like samosas and sandwiches, with a "Do Not Touch" sign visible before the event starts.


A rectangular celebratory cake topped with an edible photo of a Lisbon street and the OWASP Lisboa logo, surrounded by chocolate piping.


Four chapter leaders posing for a photo behind a table with the OWASP cake, with event attendees and catering tables visible in the background.