Best Practices II
- TYPE: Combined Session DATE: Wednesday, May 13, 2020 TIME: 17:30-18:30 LOCATION: AMMERSEE II
Picture this: you work at an enterprise, with a traditional IT organisation, mostly comprised to people that have been with the company for many years and manages lots of Personal and Non Personal Accounts on multiple platforms. There is this new thing called DevOps and it seems to match the Scrum methodology your developers like. So you decide to reorganize to DevOps. Some of your older employees don't want to make the transition with the attached challenges to the way they work and decide to take an early retirement This forces you to source some of the technical support functions to your offshore ventures in Eastern Europe. At the same time you want to make the new DevOps teams responsible for the entire stack, spreading the responsibility for account management to multiple teams. And after blinking twice you suddenly find you have several thousand of Non-Personal Accounts around that nobody seems to own or know what they are for. And nobody dares to delete them, because maybe you need them for some process that runs only once a year. Obviously this would never happen to you, right? But it happened to us and it could happen to you too!
In this talk, we explain how we drained the swamp and got back in control over our NPA's. It involves good old fashioned detective work, password vaults, smart repositories connecting different data sources, some automation and some bold decisions.
- Understand the steps you need to take to get back in control
- Understand where responsibility should be and why
- Understand some of the tooling and automation you can use
In recent years we have seen a great deal of attention to the topic of security analysis in smart contracts, especially those developed for the Ethereum blockchain. Hence, it seems there is an ever-growing demand for secure smart contracts to protect what could potentially be worth billions. In this work, I introduced Etherolic as a robust, scalable and efficient tool for performing precise security analysis on smart contracts. This tool works based on a successful combination of dynamic taint tracking (DTA) and concolic testing that allows users to analyze the bytecode of smart contracts being run on the Ethereum Virtual Machine. Therefore, Etherolic is not only able to identify a wide spectrum of vulnerabilities but also generates precise exploits to trigger unknown vulnerabilities in the contracts. In order to demonstrate the usefulness of the approach, I evaluated Etherolic on a crafted benchmark suite, comprising 12 real-world and synthetic contracts along with 98 safety features. The result of the evaluation reveals 204 hidden security violations in the benchmarks.
- Registration fee:
- Contact person:
Mr. Levent Kara
+49 211 23707710
- May 12 - 15, 2020 Munich, Germany
The European Identity & Cloud Conference 2020 is proud to present a large number of partners
How can we help you