Loading…
The Open Web Application Security Project (OWASP) Los Angeles Chapter has teamed up with the Orange County, Inland Empire, San Diego, and San Francisco Bay Area chapters to bring you another great AppSec California. Join us and your peers for amazing talks and networking on January 22-25, 2019!
Thursday, January 24 • 2:00pm - 2:50pm
Behind the scenes: Securing in-house execution of unsafe third-party executables

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
So you want to run FFMpeg or ImageMagick or any other third-party processing library inside your Production environment, and still hope for a good night’s sleep?

In-house third-party code execution has its unique set of security challenges. One cannot help but wonder how the "ImageTragick" bug got so infamously popular in affecting the production state of security for so many enterprises worldwide.

Historically speaking, such third-party libraries have been subject to several critical security impacting vulnerabilities, including but not limited to, remote code execution attacks. When coupled with untrusted user-provided inputs, execution of such dangerous executables can become a nightmare for security teams to thoroughly secure.

As in-house execution of untrusted code becomes more prevalent, a secure-by-design framework is necessary to help guide organizations to better safeguard their production state of security.  In this talk, I would like to present a framework that was incepted on the basis of security best practices and defense-in-depth principles, and can be leveraged to secure third-party code execution environments.  

Speakers
avatar for Mukul Khullar

Mukul Khullar

Staff Security Engineer, LinkedIn
Mukul Khullar is a security researcher with over 9 years of industry experience, primarily focused on application security and penetration testing. At Linkedin, Mukul holds the Staff security engineer title, and is responsible in identifying vulnerabilities and security design flaws... Read More →



Thursday January 24, 2019 2:00pm - 2:50pm
Club Room