All Bets On BlackHat USA 2012 in Las Vegas

The BlackHat USA 2012 conference will be held at Caesars Palace in Las Vegas, Nevada, from July 21-26, bringing together thought leaders from all facets of the Information Security world, from the corporate and government sectors to academic and even underground researchers.

This year’s event sees a special session hosted by Jared DeMott entitled “Application Security: For Hackers and Developers.” DeMott himself is a principal security researcher for the “Crucial Security” business area at Harris Corporation. He is also a Ph.D. candidate at Michigan State University.

DeMott’s session aims to both straddle and interconnect what he denotes as the “four technical skills” required by security professionals in any job function:

  • source code auditing
  • fuzzing
  • reverse engineering
  • exploitation

Because many code bases (C/C++ code and others) have long been plagued by security errors resulting from memory corruption, programmers now need to drill into key information-security skills so that the pedigree, core architecture, and wider operational remit of their applications meet today’s exacting standards for security.

The session will therefore feature analysis of problematic code and web auditing issues. Fuzzing will be covered through analysis of mutation file fuzzing and framework definition construction.

According to BlackHat 2012 conference organizers, those attending this event will focus on learning to reverse compile software written in C and C++. “Understanding how and when to audit source code is key for both developers and hackers. Students learn to zero in on the important components of each language. Automated tools are mentioned, but auditing source manually is the focus, since verifying results is a required skill even when using the most advanced tools. Spotting and fixing bugs is the focus.”

Attendees, or “students” as they are commonly referred to at this highly practical training event, will typically be expected to hold a college degree in a computer-related discipline or have equivalent work experience.