Securing the building blocks of embedded software
Embedded systems are special purpose systems that cover a wide range of applications, from home electronics and industrial control systems, to medical devices and avionics. The remote management & telemetry features of the so called "Internet of Things" family of embedded devices, have made them quite popular and their placement is almost ubiquitous. From a security standpoint, embedded software is not that different to software found in other domains. However, the criticality of its operation, its exposure on public networks, but also its security limitations make it a very attractive target for attackers. This article presents an overview of the building blocks of today's embedded software, analyses inherent weaknesses in the way this software is built and deployed, and highlights recent developments in the handling of the relevant risk.
Security B-Sides 2017 Athens
CENSUS participated in the "Security B-Sides 2017 Athens" conference with a presentation by Ioannis Stais on the automated discovery of expressions that bypass Web Application Firewalls and Filters, using learning automata. The presentation was entitled "LightBulb Framework: Shedding Light on the Dark Side of WAFs and Filters" and followed Stais' and Argyros' previous research on the subject (see BlackHat Europe in 2016 presentation). The Security B-Sides presentation introduced an Extension for the Burp Suite web proxy application that allows for easier integration of the expression discovery technique to the standard toolbox of web application penetration testers.
2nd ENISA eHealth Cyber Security workshop
CENSUS director of Product Security Services, Dr. Dimitrios Glynos gave a presentation on the topic of "Medical Device Security" at the "2nd ENISA eHealth Cyber Security" workshop held in Vienna, Austria on November 23rd 2016. ENISA is the European Union's Agency for Network and Information Security. Along with the workshop, ENISA published on the same month the "Smart Hospitals - Security and Resilience for Smart Health Service and Infrastructures" study.
Black Hat Europe 2016
CENSUS will be participating at the Black Hat Europe 2016 conference, in London with a presentation by George Argyros and Ioannis Stais on the theme of automated evasion of Web Application Firewalls (WAFs). The presentation's title is Another Brick Off the Wall: Deconstructing Web Application Firewalls using Automata Learning and will take place on Thursday November 3rd 2016 at 14:30 in the Auditorium room of the Business Design Center venue.