Security Beyond Memory Safety - Using Modern C++ to Avoid Vulnerabilities by Design - Max Hoffmann

CppCon 7,289 views 2 weeks ago

https://cppcon.org
---

Security Beyond Memory Safety - Using Modern C++ to Avoid Vulnerabilities by Design - Max Hoffmann - CppCon 2024
---

Nowadays, there is one topic that comes up in virtually all discussions on system programming languages: memory safety.
However, even though memory safety rules out many of the most common sources of vulnerabilities, there are still plenty of ways a vulnerability can find its way into the codebase.

In this talk, we look beyond memory safety and explore how we can prevent vulnerabilities through simple yet effective C++ constructions and custom static analysis scripts.
We analyze multiple examples, from basics like input validation to complex time-of-check vs time-of-use issues when accessing shared resources, all of which are inspired by real-world products, use cases, or vulnerabilities.
For each example, we discuss attacker models, threats, and implementation pitfalls, before looking at potential solutions that are not just secure by themselves but also protect developers from accidentally introducing vulnerabilities in the future.

Viewers will gain a deeper understanding of security engineering and inspirations for leveraging C++ to prevent potential security issues by design.
---

Slides: https://github.com/CppCon/CppCon2024/blob/main/Presentations/Security_Beyond_Memory_Safety.pdf

Sponsored by JetBrains: https://www.jetbrains.com/clion/
---

Max Hoffmann

Max Hoffmann studied cybersecurity and got his Ph.D. in hardware security at the Ruhr University Bochum, Germany, in association with the Max Planck Institute for Security and Privacy at the research group of Professor Christof Paar. With a passion for teaching, he continues to contribute to the university as an external lecturer, shaping the next generation of cybersecurity professionals. As a Security Manager at ETAS, he oversees the Onboard Security portfolio, driving process improvements, supporting technical discussions, managing vulnerabilities, and enhancing security awareness in the organization.
---

CppCon is the annual, week-long face-to-face gathering for the entire C++ community. The conference is organized by the C++ community for the community. You will enjoy inspirational talks and a friendly atmosphere designed to help attendees learn from each other, meet interesting people, and generally have a stimulating experience. Taking place this year in Aurora, Colorado, near the Denver airport, and including multiple diverse tracks, the conference will appeal to anyone from C++ novices to experts.
Annual CppCon Conference - https://www.cppcon.org
---

Videos Filmed & Edited by Bash Films: http://www.BashFilms.com
YouTube Channel Managed by Digital Medium Ltd: https://events.digital-medium.co.uk
---
