Chris Oberlander
Topic:
More Secure Scripting
Company:
MSCE: Security, UCLA
Title:
Programmer/Analyst Chris Oberlander has worked in IT for over 10 years. He's worked for Aon, Computer Sciences Corporation and the State of California. Chris has assisted with many scripting and automation projects over time, including automating insurance and server/workstation building workflows. He has written in C++, MS Shell, WIL, VBS, Linux Shells (bash, tcsh, csh etc), Perl among others. His projects range from a few computers to thousands of computers.
Abstract:
Chris will systematically go through the various options used for scripting (e.g perl, shell, vb etc) and the main pitfalls in each of them including demos of good and bad looking scripts. Writing more secure scripts does take extra time and there will be employers and managers that will tell you to worry about security later.
However, the cost to fix a problem after the fact nearly always will cost more then to secure a script atthe time of creation. Moreover, if a script of yours circumvents other security, like a comprised password leading to unauthorized access, then your employer could face very high remediation and litigation costs.