Don’t Get Caught Em-bed: Finding and Preventing Vulns at its Lowest Level
It’s no secret that embedded systems surround and control our daily lives. Embedded device and system manufactures have long prioritized code quality and/or user experience over application security. As devices become more interconnected to each other, it is becoming apparent that change is needed throughout the industry. Utilizing millions of vulnerable embedded devices, we have witnessed some of the worlds largest DDoS attacks in 2016 as a result of neglecting fundamental secure coding principles. Join me as we discuss common embedded application security threats, employing proactive controls, and best practices.
Presented at Security Fest 2017.
Speaker: Aaron GuzmanAbout Aaron Guzman
Aaron Guzman is a Principal Security Consultant from the Los Angeles area with expertise in application security, mobile pentesting, web pentesting, IoT hacking and network penetration testing. He has previously worked with established tech companies such as Belkin, Linksys, Symantec and Dell, breaking code and architecting infrastructures. With Aaron’s years of experience, he has given a number of presentations at various conferences ranging from DEFCON and OWASP’s Appsec USA, to developer code camps around the world. Furthermore, Aaron is a Chapter leader for the Open Web Application Security Project (OWASP) Los Angeles, President of Cloud Security Alliance SoCal (CSA SoCal), previous President of the High Technology Crime Investigation Association of Southern California (HTCIA SoCal) and a Technical Editor for Packt Publishing. He has contributed to many IoT security guidance publications from CSA, OWASP, Prpl, and others. You can follow Aaron’s latest research and updates on twitter at @scriptingxss.
