C and C++: A Security Perspective Security Beyond Memory Safety Using Modern C++ to Avoid Vulnerabilities by DesignMax Hoffmann Security Beyond Memory Safety CppCon 2024 2 Security Beyond Memory Safety Hoffmann Security Beyond Memory Safety CppCon 2024 3 FIFTY SHADES OF SHOOTING YOURSELF IN THE FOOT WITH A RAILGUNMax Hoffmann Security Beyond Memory Safety CppCon 2024 4Max Hoffmann Security Beyond yearsMax Hoffmann Security Beyond Memory Safety CppCon 2024 6Max Hoffmann Security Beyond Memory Safety CppCon 2024 7Max Hoffmann Security Beyond Memory Safety CppCon 2024 8Max Hoffmann Security Beyond Memory

Embracing an Adversarial Mindset for C++ Security Amanda Rousseau 9/18/2024 This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY1 Strategies for Secure C++ DevelopmentWHOAMI 0x401006 Microsoft 0x40100C Offensive 0x40100F Research & Security 0x401018 Engineering 0x40101A (MORSE) CURRENT 0x401000 MALWARE UNICORN AMANDA ROUSSEAU 0x402001 perspectiveFactors Influencing Trends Increased Security Awareness and Practices Adoption of Modern Technologies •secure coding, regular patching, comprehensive security testing •Improved Discovery Methods -

Spring Security Shiro Plugin - Reference Documentation Burt Beckwith Version 3.1.2.BUILD-SNAPSHOT Table of Contents 1. Introduction to the Spring Security Shiro Plugin . . . . . . . . . . . . . . Chapter 1. Introduction to the Spring Security Shiro Plugin The Spring Security Shiro plugin adds some support for using a hybrid approach combining Spring Security and Shiro. It currently only supports supports Shiro ACLs, since Spring Security ACLs are very powerful but can be very cumbersome to use, and the Shiro approach is straightforward and simple. The majority of the authentication and authorization

1 Shiro support for the Spring Security plugin Table of contents 2 Shiro support for the Spring Security plugin - Reference Documentation Authors: Burt Beckwith Version: 0.1 Table of Contents 1 Introduction The Spring Security Shiro plugin adds some support for using a hybrid approach combining Spring Security and . It currently only supports Shiro ACLs, since Spring Security ACLs are very Shiro authentication and authorization work is still done by Spring Security. This plugin listens for Spring Security authentication events and uses the Spring Security Authentication instance to build and register a Shiro

the Spring Security plugin Shiro support for the Spring Security plugin - Reference Documentation Authors: Burt Beckwith Version: 1.0.0 Table of Contents 1 Introduction to the Spring Security Shiro Plugin Spring Security Shiro Plugin The Spring Security Shiro plugin adds some support for using a hybrid approach combining Spring and . It currently only supports Shiro ACLs, since Spring Security ACLs are are very Security Shiro powerful but can be very cumbersome to use, and the Shiro approach is straightforward and simple. The majority of the authentication and authorization work is still done by Spring

and technologically advanced. That is the force for the future.” - Secretary Panetta, Defense Security Review, 5 Jan 12iii Foreword Department of Defense (DoD) program managers and executives have development practices. Table 1 Traditional Versus Agile Considerations Consider Agile Practices Assessment Areas Consider Traditional Practices Requirements cannot be well defined upfront due to a dynamic iterative development User Timelines Operational environment does not7 Consider Agile Practices Assessment Areas Consider Traditional Practices and require frequent capability upgrades (<1 year).

analysis will prove invaluable to leaders who must execute it.” – Jez Humble, CTO, DevOps Research & Assessment, LLC A Few Themes Getting in Our Own Way: First, that we have locked ourselves into a frame of AWS he was the CIO of US Citizenship and Immigration Service (part of the Department of Homeland Security), CIO of Intrax, and CEO of Auctiva. He has an MBA from Wharton, a BS in Computer Science from

任务目标、目标受众、文章类型、字数要求、特殊要求 在分析阶段，首先明确 任务目标和关键问题 通过四个关键步骤：分析（Analysis）、构思（Ideation）、发展（Development） 和评估（Assessment），为提示语链的设计提供系统化的指导。 构思阶段注重创新性思 维，探索多种解决方案 在发展阶段，逐步深化 构思并形成具体的内容 方案 最后的评估阶段用于反 思和优化，确保生成内

任务目标、目标受众、文章类型、字数要求、特殊要求 在分析阶段，首先明确 任务目标和关键问题 通过四个关键步骤：分析（Analysis）、构思（Ideation）、发展（Development） 和评估（Assessment），为提示语链的设计提供系统化的指导。 构思阶段注重创新性思 维，探索多种解决方案 在发展阶段，逐步深化 构思并形成具体的内容 方案 最后的评估阶段用于反 思和优化，确保生成内

expected iv. Great Amazon Reboot of 2014 – 10% of Amazon EC2 servers had to reboot for Xen emergency security patch. At Netflix, zero downtime, no one actively working incidents. They were at a Hollywood party infrastructure, and environments 2. Deployment tools 3. Testing standards and tools, including security 4. Deployment pipeline tools 5. Monitoring and analysis tools 6. Tutorials and standards ii Technical Practices of Integrating Information Security, Change Management, and Compliance 1. Introduction a. Goal to simultaneously achieve Information Security goals and create high degree of assurance