WORKSHOP

CI/CD with SAST and DAST for Embedded Devices

November 19th @ 16:00 - 18:00 (GMT +4) // HITB CommSec Track

All

Skill Level

150

CAPACITY

2:00h

Duration

Zoom

DELIVERY

OVERVIEW

Learn about approaches to general quality assurance and security testing on real hardware in an automated way. We share our story about going from zero to full automation for multiple device families on a scale using FOSS and commercial tools blended with homebrew solutions and a pinch of creative thinking.

who should attend?

SWEs, SDETs, AppSec engineers who want to build or improve their CI/CD pipeline for embedded devices, and embedded pentesters who want to automate some aspects of their work.

KEY LEARNING OBJECTIVES

Automating firmware (security) testing on real hardware and scaling it to hundreds of devices.

TOPICS COVERED

An in-depth review of hardware harness one might need to integrate a real device into a CI/CD pipeline using Raspberry Pi as a platform for UART, JTAG and different wireless communication protocols

An in-depth review of software for CI/CD: leveraging Python and available libraries together with CI/CD, SAST and homebrewed software

How to scale testing to hundreds of devices

  • Integrating security steps into different parts of embedded CI/CD pipeline
  • Reusing approaches from embedded pipelines to test companion APIs and services

Ready To HACK?

Share on facebook
Share on twitter
Share on linkedin
Share on email
Share on whatsapp

SPEAKERS

Head of Embedded, Thea Auto

Andrey Voloshin

Head of Embedded dept at Thea Auto, a connected cars company, developing systems & software for car telemetry. Additionally teaching application security at TechMaker (https://techmaker.ua) – a special appsec course for software developers explaining every aspect of the backend, frontend, mobile applications security, hardware security, including side-channel attacks and RF-signals hacking.

Embedded Developer, Thea Auto

Sasha Olenyev

Sasha Olenyev, embedded developer at Thea Auto, a connected cars company, developing systems & software for car telemetry. Additionally teaching firmware development at TechMaker (https://techmaker.ua) – an embedded programming course featuring STM32 ARM-based development boards.

Embedded Pentester

Illia Tolokonnikov

Illia is an embedded pentester. He also teaches about cryptography and binary exploitation as a part of application security course at TechMaker (https://techmaker.ua)