[ :: mainpage :: register :: conference :: training :: venue map :: agenda :: press/media ]
[ :: capture the flag (CTF) :: zone-h hacking challenge :: open-hack :: forum :: sponsors ]
[ :: contact :: past conferences :: open source security project showcase ]

Conference presentation materials have been released.
You can download them from Packet Storm

Nish Bhalla

Filed under: Conference Speakers — Administrator @ 8:21 pm

April 21, 2005

Presentation Title: Analyzing Code for Security Defects
Presentation Details: The objective of the talk is understanding how to review large code bases for security defect. It can be used as methodology to identify security problems when reviewing code. The overall focus will be on the finding security vulnerabilities and the implementation of countermeasures however, the same techniques can also be implemented to help develop secure development practices.

Reviewing code to find vulnerabilities is becoming more and more common. Reviewing code is not only useful from a developers point of view but also from an attacker’s point of view. The talk will cover basics of threat analysis, how to assess threats and what are some of the vulnerabilities that could exists in code when performing code reviews for large code bases.

About Nish:

Nishchal Bhalla is a specialist in product testing, code reviews, web application testing, host and network reviews.

He has coauthored “Buffer Overflow Attacks: Detect, Exploit & Prevent”and is a contributing author for “Windows XP Professional Security” and “HackNotes: Network Security”. Nish has also been involved in the open source projects such as OWASP and YASSP. He has also written articles for securityfocus.com and also spoken at web seminars for Global Knowledge and University of Florida.

Prior to joining Security Compass, Nish was a Principal Consultant at Foundstone, where he performed numerous security reviews for major software companies, online banking and trading web sites, and e-commerce sites. He also helped develop and teach the “Secure Coding” class, the Ultimate Hacking, Ultimate Web Hacking and Ultimate Hacking Expert classes. Prior to working at Foundstone, Nish provided engineering and security consulting services as an independent consultant to a variety of organizations including Sun Microsystems, Lucent Technologies, TD Waterhouse & The Axa Group.

Nish holds his Masters in Parallel Processing from Sheffield University, is a post graduate in Finance from Strathclyde University and a Bachelor in Commerce from Bangalore University.

Comments are closed.

Event Organizer

Hack In The Box (M) Sdn. Bhd.

Supported & Endorsed By

Malaysian Communications and Multimedia Commission (MCMC)

Malaysian Administrative Modernisation & Management Planning Unit

Main Sponsor

Microsoft Corporation

Official Airline Partner

Malaysia Airlines

Open-Hack Sponsor

VIA Technologies Inc.

CTF Sponsor

Scan Associates

CTF Prize Sponsor


Media Partners:

The Virus Bulletin Conference takes place at The Burlington, Dublin, Ireland, 5 to 7 October 2005. Register here.

Phrack Magazine

Our Speakers Are Supported By:

Bellua Asia Pacific

F-Secure Corporation

Supporting Organizations


Chaos Computer Club (Germany)

X-Focus China

Zone-H Defacement Mirror

Xatrix Security


Special Interest Group in Security & Information InteGrity Singapore