Explore strategies for securing C code in high-performance environments through this AppSecUSA 2017 conference talk. Delve into the challenges and solutions for implementing application security controls in C-based systems, using Fastly's content delivery network as a case study. Learn about balancing industry best practices, limited AppSec resources, and startup culture when hardening legacy codebases. Discover a minimum-viable approach for deploying self-service continuous fuzzing of critical internal C codebases, including edge HTTP/2 services and Fastly's varnish-cache fork. Gain insights from real-world successes and failures in designing effective security measures for C programs susceptible to memory corruption bugs.
Overview
Syllabus
Securing C code that seems to work just fine - AppSecUSA 2017
Taught by
OWASP Foundation
