Third Party Software Vulnerability Assessment

IoT Security Theatre

Wed 26th Sep 11:30 to 12:00

There are few tools to measure outstanding cyber security risk in third party software, which is a blind spot, especially for verticals such as IoT, automotive, or payment-based systems such as smartcards.
In this presentation we will look at various types of automated assessments to measure outstanding risks for native binaries. We will look at three approaches: 1) automated detection of violations of policies such as PCI DSS, FISMA and ISO 27001; 2) software composition analysis to find N-day exploits; and lastly 3) manual analysis to find vulnerable paths through the application that leak data before authentication.

What you will take away from this session

  • Measure outstanding risk in 3rd party applications
  • PCI DSS, FISMA and ISO 27001
  • N-day vulnerabilities in native applications
  • Detect pre-authorization weaknesses


Speaker: Mark Hermeling