PLDI 2021
Sun 20 - Sat 26 June 2021 PLDI
Tue 22 Jun 2021 19:45 - 20:45 at SOAP - Session 3 Chair(s): Lisa Nguyen Quang Do

Towards Intelligent Application Security Cristina Cifuentes, Oracle Labs

Over the past 20 years we have seen application security evolve from analysing application code through Static Application Security Testing (SAST) tools, to detecting vulnerabilities in running applications via Dynamic Application Security Testing (DAST) tools. The past 10 years have seen new flavours of tools to provide combinations of static and dynamic tools via Interactive Application Security Testing (IAST), examination of the components and libraries of the software called Software Composition Analysis (SCA), protection of web applications and APIs using signature-based Web Application Firewalls (WAF), and monitoring the application and blocking attacks through Runtime Application Self Protection (RASP) techniques.

The past 10 years have also seen an increase in the uptake of the DevOps model that combines software development and operations to provide continuous delivery of high quality software. As security has become more important, the DevOps model has evolved to the DevSecOps model where software development, operations and security are all integrated. There has also been increasing usage of learning techniques, including machine learning, and program synthesis. Several tools have been developed that make use of machine learning to help developers make quality decisions about their code, tests, or the runtime overhead their code produces. However, such techniques have not been applied to application security as yet.

In this talk I discuss how to provide an automated approach to integrate security into all aspects of application development and operations, aided by learning techniques. This incorporates signals from the code, operations and beyond, and automation, to provide actionable intelligence to developers, security analysts, operations staff, and autonomous systems. I will also consider how malware and threat intelligence can be incorporated into this model to support Intelligent Application Security in a rapidly evolving world.

Cristina’s bio: http://labs.oracle.com/people/cristina

Tue 22 Jun

Displayed time zone: Eastern Time (US & Canada)

18:00 - 21:00
Session 3 at SOAP
Chair(s): Lisa Nguyen Quang Do Google
18:00
25m
Talk
Multi-Language Static Code Analysis on the LARA Framework
SOAP
Gil Teixeira, João Bispo Faculdade de Engenharia e Universidade do Porto, Filipe Figueiredo Correia University of Porto
18:25
25m
Talk
Serialization-Aware Call Graph Construction
SOAP
Joanna C. S. Santos Rochester Institute of Technology, Reese Jones, Chinomso Ashiogwu, Mehdi Mirakhorli Rochester Institute of Technology
18:50
25m
Talk
Scalable String Analysis: An Experience Report
SOAP
Kostyantyn Vorobyov Oracle Labs, Australia, Yang Zhao Oracle Labs, Paddy Krishnan Oracle Labs, Australia
19:15
30m
Break
Break
SOAP

19:45
60m
Live Q&A
[Invited talk] Towards Intelligent Application Security
SOAP
Cristina Cifuentes Oracle Labs
20:45
15m
Day closing
Award and send-off
SOAP
Lisa Nguyen Quang Do Google, Caterina Urban Inria & École Normale Supérieure | Université PSL