Abstract

Embedded system manufacturers often overlook fundamental application security coding practices when designing software. Security bugs left behind by third-party software teams within the supply chain have been known to be easily found and exploited by attackers in the wild. Unfortunately, these security bugs may be out of control for the OEM to patch due to the upstream supply chain but compromises the device’s ecosystem as a result. Join me as we discuss how to securely design embedded software, define application requirements, common embedded application security threats, and employing proactive application security controls.

Speaker

Mr. Aaron Guzman
Manager
Gotham Digital Science an Aon Company

Aaron Guzman is a Manager with Gotham Digital Science (GDS), located in Los Angeles, CA. Mr. Guzman previously worked with established tech companies such as Belkin, Linksys, Symantec and Dell SecureWorks breaking code and architecting infrastructures. Aaron has spoken at many conferences worldwide which include DEF CON, OWASP AppSec EU, OWASP AppSec USA, HackFest, Security Fest, HackMiami, AusCERT as well as a number of BSides events. Aaron leads the OWASP Embedded Application Security project; providing practical guidance to address the most common firmware security bugs to the embedded and IoT community. Furthermore, Aaron is a Chapter leader for the Open Web Application Security Project (OWASP) Los Angeles, Cloud Security Alliance SoCal (CSA SoCal), and a Technical Editor for Packt Publishing. He has contributed to many IoT security guidance publications from CSA, OWASP, Prpl, and others. Follow Aaron’s latest research on Twitter at @scriptingxss