One of the most interesting sessions at Black Hat 2007 was the Iron Chef session where researchers battled the clock and each other to find security exploits in applications. This year Iron Chef is back and supersized! I spoke with Fortify’s Jacob West and Brian Chess about the return of Black Hat and both men were excited to be back.
This time around they’ve doubled the length of the event and are including both static analysis and fuzzing. As well, last time around the Iron Chef event was somewhat overshadowed by the iPhone session that occured at the same time. So this time out, the iPhone security researcher will be a participant in the Iron Chef competition.
Fortify has also solicited some interesting talent to help judge the event. Mozilla’s Chief Security person, Window Snyder will be on hand to help decide whose ‘security cuisine is supreme!.
Personally I’m amazed that vulnerabilities can be found so quickly in a live event. West assured me that participants will not know what application they will be given, so it really is a true test of skill.
As an adjunct, Fortify is also running an online hacking competition this year too, so for those of us not skilled enough to be on the official Iron Chef stage, we can try out our skills in an online ‘kitchen stadium.’