Uncovering Security Risks in C++ Apps with LD_PRELOAD and API Interception @ C++ Bay Area Meetup
JFrog is a Proud Sponsor of C++ Bay Area Meetup!
April 10, 2023
< 1 min read
Uncovering Hidden Security Risks in C++ Applications with LD_PRELOAD and API Interception
Security is becoming an increasingly important aspect of quality these days. Quality is no longer just functionality and performance testing, but must include security testing as well. Programs written in C++ (or other languages) could have several security risks that (a) static code scanning can’t detect (b) engineers like QA teams testing the app do not have access to static code, OR (c) vulnerabilities in 3rd party dependencies whose code isn’t scanned. Analyzing running processes by injecting an LD_PRELOAD library and using API interception to observe filesystem, networking, memory and other calls, can help reveal a ton of insecure behaviors. These behaviors could range from processes reaching out to unwanted parts of the network, communicating with UDP, telnet/ssh’ing to unexpected locations, writing to unwanted parts of the filesystem and more.
About the Speaker:
In this presentations, Kiran Kamity, founder & CEO of Deepfactor, will walk through a demonstration showing 80 types of insecure behaviors that can be hidden in applications, that can be uncovered using runtime analysis.