In Module 4 of C1b3rWall Academy 2021 we take a closer look at programming languages. Bruno Chenoll Matienzo is a Computer Engineer from the University of Granada. He participated in Capture the Flag competitions and hacking platforms such as HackTheBox. He was Red Teamer for Santander Bank and is currently a backend developer working with Python and PostgreSQL. He participates in C1b3rWall with a lecture on ” Rusty cybersecurity”.

The aim of his talk is to raise awareness of the drawbacks of using a non-secure programming language and to showcase secure alternatives.

Why classical languages are not secure

A secure language is one that, at compile time, verifies that the programmer has not made any error in memory management. In high-level languages, memory is automatically managed by garbage collectors, so… If we use high-level languages, are we creating safe programs?

Example of a safe language: Rust

Rust is a low-level language that compiles to machine code like C. How does Rust ensure safe memory management? The answer is simple: with a method called “borrow checker”. This method keeps track of each variable and does the checks that a cybersecurity expert would do to check for memory errors such as “use after free”, “stack overflow”, “double free”, “heap overflow” or “null pointers dereferences”. All these checks are done at compile time, being very complicated for a program to compile with memory management failures.

It must be taken into account that the learning curve for Rust is very high, it takes a lot to learn how to master it, although, once this is done, productivity skyrockets. The ecosystem is very new, there is a lack of tested and mature packages in terms of time and testing, in addition, the compilation times are high (due in part to the borrow checker).

There are several companies and services that use Rust: Discord, Amazon, Facebook, Cloudflare, Microsoft, NPM, Figma, Coursera, Dropbox…

Programming languages are a whole world to discover. Bruno explains which ones are the most secure and how we can implement them efficiently. You can register here for free and learn more about this topic.

  The full article is available on News 365.

Posted by Juan M. Corchado

Juan Manuel Corchado (15 de Mayo de 1971, Salamanca, España) Catedrático en la Universidad de Salamanca. Ha sido Vicerrector de Investigación desde el 2013 hasta el 2017 y Director del Parque Científico de la Universidad de Salamanca. Elegido dos veces como Decano de la Facultad de Ciencias, es Doctor en Ciencias de la Computación por la Universidad de Salamanca y, además, es Doctor en Inteligencia Artificial por la University of the West of Scotland. Dirige el Grupo de Investigación Reconocido BISITE (Bioinformática, Sistemas Inteligentes y Tecnología Educativa), creado en el año 2000. Director del IOT Digital Innovation Hub y presidente del AIR Institute, J. M. Corchado también es Profesor Visitante en el Instituto Tecnológico de Osaka desde enero de 2015, Profesor visitante en la Universiti Malaysia Kelantan y Miembro del Advisory Group on Online Terrorist Propaganda of the European Counter Terrorism Centre (EUROPOL). J. M. Corchado ha sido presidente de la asociación IEEE Systems, Man and Cybernetics, y coordinador académico del Instituto Universitario de Investigación en Arte y Tecnología de la Animación de la Universidad de Salamanca e investigador en las Universidades de Paisley (UK), Vigo (Spain) y en el Plymouth Marine Laboratory (UK). En la actualidad compagina toda su actividad con la dirección de los programas de Máster en Seguridad, Animación Digital, Telefonía Movil, Dirección de Sistemas de Información, Internet de las Cosas, Social Media, Diseño e Impresión 3D, Blockchain, Z System, Industria 4.0, Gestión de Proyectos Ágiles y Smart Cities & Intelligent Buildings​, en la Universidad de Salamanca y su trabajo como editor jefe de las revistas ADCAIJ (Advances in Distributed Computing and Artificial Intelligence Journal), OJCST (Oriental Journal of Computer Science and Technology) o Electronics MDPI (Computer Science & Engineering section). J. M. Corchado desarrolla principalmente trabajos en proyectos relacionados con Inteligencia Artificial, Machine Learning, Blockchain, IoT, Fog Computing, Edge Computing, Smart Cities, Smart Grids y Análisis de sentimiento.