“Move Fast and Secure Things (with Static Analysis)” — Ibrahim Mohamed El-Sayed
This talk focuses on how to use static analysis to improve the security posture of a company. In the talk, we dive into examples of bugs that can be detected with static analysis and the different modes of static analysis used inside Facebook, as an example of how to move fast and secure the codebase. We then move on to the challenges and limitations of static analysis, and we end with some numbers to demonstrate how helpful static analysis is in detecting security bugs.
Ibrahim Mohamed El-Sayed
Ibrahim Mohamed El-Sayed is a Security Engineer based at Facebook’s London HQ. Ibrahim focuses on using static analysis for security bug detection. He spends most of his time improving static analysis tools and writing new rules to detect new types of security bugs. In addition to static analysis, Ibrahim also participates in CTFs on a regular basis. As a security researcher, Ibrahim has been acknowledged by many companies for security findings in their products. Some of these companies are PayPal, Etsy, Google, Adobe, Microsoft, Yahoo, AT&T, Dell, Deutsche Telekom and others.