WORKSHOP
CI/CD with SAST and DAST for Embedded Devices
November 19th @ 16:00 - 18:00 (GMT +4) // HITB CommSec Track
All
Skill Level
150
CAPACITY
2:00h
Duration
Zoom
DELIVERY
OVERVIEW
Learn about approaches to general quality assurance and security testing on real hardware in an automated way. We share our story about going from zero to full automation for multiple device families on a scale using FOSS and commercial tools blended with homebrew solutions and a pinch of creative thinking.
who should attend?
SWEs, SDETs, AppSec engineers who want to build or improve their CI/CD pipeline for embedded devices, and embedded pentesters who want to automate some aspects of their work.
KEY LEARNING OBJECTIVES
Automating firmware (security) testing on real hardware and scaling it to hundreds of devices.
TOPICS COVERED
An in-depth review of hardware harness one might need to integrate a real device into a CI/CD pipeline using Raspberry Pi as a platform for UART, JTAG and different wireless communication protocols
An in-depth review of software for CI/CD: leveraging Python and available libraries together with CI/CD, SAST and homebrewed software
How to scale testing to hundreds of devices
- Integrating security steps into different parts of embedded CI/CD pipeline
- Reusing approaches from embedded pipelines to test companion APIs and services
Ready To HACK?
SPEAKERS
Andrey Voloshin
Head of Embedded dept at Thea Auto, a connected cars company, developing systems & software for car telemetry. Additionally teaching application security at TechMaker (https://techmaker.ua) – a special appsec course for software developers explaining every aspect of the backend, frontend, mobile applications security, hardware security, including side-channel attacks and RF-signals hacking.
Sasha Olenyev
Sasha Olenyev, embedded developer at Thea Auto, a connected cars company, developing systems & software for car telemetry. Additionally teaching firmware development at TechMaker (https://techmaker.ua) – an embedded programming course featuring STM32 ARM-based development boards.
Illia Tolokonnikov
Illia is an embedded pentester. He also teaches about cryptography and binary exploitation as a part of application security course at TechMaker (https://techmaker.ua)
