Explore a comprehensive framework for securing in-house execution of potentially unsafe third-party executables like FFMpeg and ImageMagick in production environments. Learn about the unique security challenges posed by third-party code execution, including the infamous "ImageTragick" vulnerability. Discover a secure-by-design approach based on security best practices and defense-in-depth principles to safeguard your organization's production security. Gain insights from Mukul Khullar, a Staff Security Engineer at LinkedIn with extensive experience in application security and penetration testing, as he presents this 42-minute talk from AppSecCali 2019, organized by the OWASP Foundation.
Securing In-House Execution of Unsafe Third-Party Executables
Overview
Syllabus
AppSecCali 2019 - Behind the Scenes: Securing In-House Execution of Unsafe Third-Party Executables
Taught by
OWASP Foundation
Related Courses
-
ScriptProtect: Mitigating Unsafe Third-Party JavaScript Practices
-
Slack App Security: Securing Workspaces from a Bot Uprising
-
Managing Vulnerability Response Dependencies in Third-Party Components - AppSecCali 2019
-
Securing Third Party Applications at Scale - AppSecCali 2019
-
Issues and Limitations of Third Party Security Seals
-
Scaling Content Security Policy: Enterprise Compliance and Third-Party Resource Management
