Important notice about SecAppDev 2020

Due to the current situation with COVID-19 (Corona), with deep regret, we feel bound to postpone SecAppDev 2020 indefinitely. While there have been no official instructions to postpone events such as ours or reduce travel, both attendees and speakers have informed us that they are unable to attend SecAppDev.

We hope everyone in SecAppDev stays healthy, and wish everyone the best for the coming months.

SecAppDev 2020 Lecture Details

How Rust helps us make safer and more secure code

Jake Goulding
Tuesday March 10, 14:00 - 15:30
Short description

Rust promises to help us write better, safer code, but how exactly does it do so? Marketing can only convince us of so much. Join us to learn about the details for yourself.

Abstract

We will dive into specific aspects of Rust that help make programs safer by default. Learn how Rust's lifetimes and borrowing semantics help prevent programming mistakes that are all-too-common in many prevalent low-level programming languages. See how these same techniques extend to thornier problems like multithreading. Rust is no silver bullet, so we will also discuss places it won't help, and we'll cover some well-known security issues and discuss whether Rust would have mitigated the problems.

Key takeaway

Programming in languages like C or C++ is fraught with peril, but we are no longer restricted by a handful of weak choices; we have better options.

Content level

Introductory

Target audience

Systems programmers who want a better language or higher-level programmers looking for performance.

Prerequisites

Knowledge of languages like C or C++ and how they allow certain types of security vulnerabilities is useful but not required.


SecAppDev is the most immersive application security course you have ever seen

Book your seat now

Jake Goulding

Jake Goulding

Co-founder, Integer 32

Jake Goulding started his career writing performance-minded C code before pivoting to web applications in Ruby on Rails. He is a member of the Rust Infrastructure Team, maintainer of the Rust Playground, and manages several Rust crates in the areas of error handling, parsing, XML, hashing, and assembly intrinsics. He may be best known for being the number 1 contributor on the Rust tag on Stack Overflow.

Full speaker profile


Related low-level security sessions

Hands-on introduction to Rust

One-day workshop by Jake Goulding and Carol Nichols

Haven't done any Rust? Want to know what makes Rust so special? Want the ability to ask two highly experienced Rust developers nuanced questions? Join us as we go hands-on with Rust, starting from an empty file and learning about the Rust ecosystem, pervasive and unique-to-Rust concepts, and areas where Rust truly shines.

Low-level security Thursday March 12, 09:00 - 17:30

Rust - A Language for the Next 40 Years

Lecture by Carol Nichols

This session provides a high-level overview of the safety and stability of the Rust programming language in its historical context.

Low-level security Friday March 13, 11:00 - 12:30

Trusted Execution and how far you can trust it

Lecture by Jan Tobias Muehlberg

Modern processors provide Trusted Execution Environments that allow you to protect software components even from an untrusted operating system. Learn when and how to use them!

Low-level security Wednesday March 11, 09:00 - 10:30

Security of embedded devices - an introduction

Lecture by Lennert Wouters

This session introduces the main components of the embedded device ecosystem and some of the common security pitfalls. We do this by looking at real world examples and by demonstrating easy to use techniques.

Low-level security Friday March 13, 09:00 - 10:30

Introduction to low-level software security

Lecture by Frank Piessens

Learn about memory management vulnerabilities, the attack techniques to exploit them, and the countermeasures that can be taken to defend against them.

Low-level security Tuesday March 10, 11:00 - 12:30