Explore a comprehensive framework for securing in-house execution of potentially unsafe third-party executables like FFMpeg and ImageMagick in production environments. Learn about the unique security challenges posed by third-party code execution, including the infamous "ImageTragick" vulnerability. Discover a secure-by-design approach based on security best practices and defense-in-depth principles to safeguard your organization's production security. Gain insights from Mukul Khullar, a Staff Security Engineer at LinkedIn with extensive experience in application security and penetration testing, as he presents this 42-minute talk from AppSecCali 2019, organized by the OWASP Foundation.
Overview
Syllabus
AppSecCali 2019 - Behind the Scenes: Securing In-House Execution of Unsafe Third-Party Executables
Taught by
OWASP Foundation