Sponsored by ShiftLeft
June 19 2019
2 PM EST
While graph databases are primarily known as the backbone of the modern social networks, we have found a much more interesting application for them: program analysis. This talk aims to demonstrate that graph databases and the typical program representations developed in compiler construction are a match made in heaven, allowing large code bases to be mined for vulnerabilities using complex bug descriptions encoded in simple, and not so simple graph database queries.
This talk will bring together two well-known but previously unrelated topics: static program analysis and graph databases. After briefly covering the "emerging graph landscape" and why it may be interesting for hackers, a graph representation of programs exposing syntax, control-flow, data-dependencies and type information is presented, designed specifically with bug/backdoors/business logic flaws hunting in mind.
Capabilities of the system will then be demonstrated live with Joern, an open source code exploration tool, as we craft queries for RCE exploits, insider attacks, data leak detection.
Chetan Conikee, CTO &
* REGISTER AND ATTEND THIS ENTIRE WEBINAR AND 3 PEOPLE HAVE THE CHANCE TO WIN A $50 AMAZON GIFT CARD RIGHT ON THE SPOT!
This Campaign is open only to those who register for and attend the entire webinar. Employees of MediaOps and webinar sponsor(s)], its affiliates, subsidiaries, advertising and promotion agencies, and suppliers, (collectively the “Employees”), and immediate family members and/or those living in the same household of Employees are not eligible to participate in the Campaign. The Campaign is subject to all applicable laws and regulations. Void where prohibited. The Winner(s) of the Campaign will receive a $50 Amazon gift card which will be provided by MediaOps. Winners will be selected by the webinar moderator at the conclusion of the event and announced live at that time. You must be an attendee at the time of the drawing to win. No purchase is necessary. It is agreed that MediaOps has permission to use your name as a winner in promotional efforts and social media.