Yair Netzer

Intel (Israel)

Free bugs – maxing out your test plan using security flags and tools

Abstract:

Training or recruiting security experts is hard, and often not scalable, so we must find a way to empower existing validation teams to do security tests. A lot of effort goes into training validation teams in security and into deepening test plans with new security-related tests. But this process is lengthy, and the results are usually not sustainable over time.

Another approach I want to present here is to empower existing test plans using security compilation flags and security debug tools, so that the same tests already executed by the validation team produce new results. This methodology is much easier to implement, and often yields great and immediate results.

This methodology is based on successful steps we took in the team I work with.

Working at Intel since 2008, in the security team since 2010, doing security validation, penetration testing, and code/design/architecture review.
Security team manager since August 2018.

CISSP certified.
MBA & BSc in computer science from the Hebrew University in Jerusalem.