2025-04-28, MAIN TRACK
Static analysis is crucial but limited in detecting vulnerabilities tied to dynamic data and runtime behavior. This session introduces symbolic execution to extend SAST’s capabilities, showing how it improves vulnerability detection, illustrated with real-world examples and demonstrations.
Static Application Security Testing (SAST) is a vital tool for securing software, but its limitations, such as difficulty handling complex inputs, runtime behaviors, and dynamic data, can lead to missed vulnerabilities and false positives. This session explores these challenges and introduces symbolic execution, enhanced with artificial intelligence, as a game-changing solution. Symbolic execution goes beyond traditional static analysis by simulating all possible execution paths of a program, abstracting inputs symbolically to uncover hidden vulnerabilities like race conditions, memory safety violations, and edge-case errors. We’ll also discuss the limitations of symbolic execution, such as path explosion, and strategies to mitigate them.
Jason Kramer is a security researcher at ObjectSecurity, where he is dedicated to advancing the state of the art in binary vulnerability analysis and in secure and robust AI. With a bachelor's degree in computer science from San Diego State University, he is focused on the trust, security, privacy, bias, and robustness of AI/ML models. Jason has led the development efforts of a commercial solution for the detection and repair of vulnerabilities in deep learning systems. His passion for improving the field has driven him to push the boundaries of what is possible and make a meaningful impact in the fields of cybersecurity and AI.
Ulrich Lang received his PhD from the University of Cambridge Computer Laboratory (Security Group) on access policies for middleware in 2003 after having completed a master's degree in Information Security from Royal Holloway College (London) in 1997. With 20+ years in infosec, he is a renowned cybersecurity thought leader in OT security, binary analysis, trusted AI, access control policy, etc. He was on the Board of Directors of the Cloud Security Alliance (Silicon Valley Chapter). He is responsible for the business and technical strategy, architecture and direction of ObjectSecurity and its product portfolio. He has published over 150 papers/presentations and 10+ patents, and has previously worked as a proposal evaluator, project evaluator, conference program committee member, panel moderator, consultant, and book author.