Auditing Source Code

The objective of the talk is to understand the common problems that arise when developing code in C/C++. It can be used as a starting point to identify security problems when writing applications. The overall focus will be on the prevention of security vulnerabilities and the implementation of technical countermeasures.

Reviewing code to find vulnerabilities is becoming more and more common. Reviewing code is useful not only from a developer's point of view but also from an attacker's point of view.


Nishchal Bhalla is a specialist in product testing, code reviews, web application testing, host and network reviews. He is the Founder of Security Compass, providing consulting services for major software companies & Fortune 500 companies.

He is writing for an upcoming title "Buffer Overflow Attacks: Detect, Exploit & Prevent" and is a contributing author for "Windows XP Professional Security" and "HackNotes: Network Security".

Nish has also been involved in open source projects such as OWASP and YASSP. He has also written for SecurityFocus.

Prior to joining Security Compass, Nish was a Principal Consultant at Foundstone, where he not only helped develop the "Secure Coding" class but also contributed to and taught the Ultimate Hacking, Ultimate Web Hacking and Ultimate Hacking Expert classes. Apart from working for Foundstone, some of the other companies Nish has worked with include TD Waterhouse, The Axa Group and Sun Microsystems.

Nish holds a Master's in Parallel Processing from Sheffield University, is a postgraduate in Finance from Strathclyde University and holds a Bachelor in Commerce from Bangalore University.