Drew Varner
GIAC exploit researcher & advanced penetration tester
An Erlang and Elixir enthusiast trying to bring functional to Federal. Drew is a GIAC Exploit Researcher & Advanced Penetration Tester.
Drew is the founder of NineFX, a software firm focused on the US Federal market. He has worked professionally as an Erlang software engineer for the last five years.
Past Activities
Code BEAM SF 2019
15.20 - 15.45
FIPS 140-2 in BEAM apps
Erlang's crypto module has supported a "FIPS mode" since release 20.0. Drew will discuss why you may care about FIPS 140-2 encryption, ways to integrate it into your test suites, and compliance gotchas. He will discuss how simply putting crypto in FIPS mode is not enough.
Learn how dependencies and built-in libraries can sneak non-FIPS crypto into your application. Drew will also cover some general techniques to detect security issues in your code.
OBJECTIVES
- Familiarize the audience with FIPS 140-2 cryptography mode and why they may care about it
- Provide examples of how to validate a BEAM application's compatibility with FIPS 140-2 mode enabled
TARGET AUDIENCE
- Software vendors that have the US Federal government as a potential customer
- Software developers looking to validate that their application runs without dependencies on insecure cryptographic algorithms