
Lisa Thalheim (Independent Network Security Consultant)

Filed under: Main Page — Administrator @ 4:41 pm

May 16, 2006

Presentation Title: Visualising Source Code for Auditing
Presentation Details:

Auditing large amounts of source code can be a challenging task. With ever-growing software, hardly anyone has the time (aka money) and patience to read each and every single line of code there is. Thus, a crucial point is to get an overview of the code, to identify potentially interesting areas of code, understand how different parts of the code interrelate, sometimes even to reverse engineer the architecture implicitly contained in source code, for the documentation on the particular code is often either outdated or nonexistent. This pinpointing of interesting areas within the code is especially important and useful when professionally auditing for security-relevant bugs in given code.

The purpose of this talk is to show how information visualization techniques, as well as techniques from compiler design, can be used to help an auditor understand large amounts of source code more quickly and more thoroughly, and thereby become a more efficient auditor. I will also show the latest development of Charles, a tool I develop to implement and assess the various source visualization ideas.

This ongoing work has developed from my professional experiences as a code auditor as well as from my private investigations into publicly available source code.

About Lisa:

Lisa has spent a good part of the last seven years making and breaking software. She has worked in the fields of wireless network security, biometrics, and bug finding in source and binaries. After four years of professional experience in software engineering and coding, she started working as a freelance computer security consultant two years ago, auditing software for security issues in both source and binary form. In the remaining time, she has worked on her duties as a student and is about to complete her diploma degree in Computer Science at the Humboldt University of Berlin, working on the issue of Security in Grid Computing.

Event Organizer

Hack In The Box (M) Sdn. Bhd.
