Third Party Software Vulnerability Assessment

IoT Security Theatre

Thu 27th Sep 01:40 to 02:10

There are few tools to measure outstanding cyber security risk in third-party software. This is a blind spot, especially for verticals such as IoT, automotive, or payment-based systems such as smartcards.

In this presentation we will look at various types of automated assessments to measure outstanding risks for native binaries. We will look at three approaches: 1) automated detection of violations of policies such as PCI DSS, FISMA and ISO 27001; 2) software composition analysis to find N-day exploits; and 3) manual analysis to find vulnerable paths through the application that leak data before authentication.

What you will take away from this session

  • Measure outstanding risk in third-party applications
  • PCI DSS, FISMA and ISO 27001
  • N-day vulnerabilities in native applications
  • Detect pre-authorization weaknesses


Speaker: Mark Hermeling