A web security model entirely predicated on applying pattern matching is at best a zero-sum game. Probabilistically, pattern matching (regular expressions) cannot prevent attacks generated by tools such as fuzzers. This talk will explore language security (LANGSEC) as an alternative methodology. It will lay the foundation, through informal and formal theory, of how lexers, tokenizers and parsers work. We’ll move on to constructing an open source toolchain for analyzing data and exploring interactive data visualizations. Along the way, we’ll cover performance tradeoffs and discuss the challenges of modern application security. By the end of this talk, you’ll know more about implementing LANGSEC to help analyze and prevent specific security attacks.

Tuesday, January 26