Software Integrity Blog

Author Archive

Chandu Ketkar

Chandu Ketkar is a principal security consultant at Synopsys. His vast security expertise includes architecture security, secure design assessment automation, medical device and systems security, cryptography, mobile application security, maturity models, and software security initiatives (SSI). Chandu also has over 25 years of experience building software and says if he knew back then what he knows now, he would have built it a lot safer. He is a member of the AAMI and is actively engaged in creating an automation tool to scale architecture/design risk assessments. When he’s not building code for medical devices, Chandu relaxes by singing and listening to music.


Posts by Chandu Ketkar:

Hacking medical devices: 5 ways to inoculate yourself from attacks

A terrorist hacks into the US Vice President’s pacemaker to murder him. It happened on the Showtime series Homeland, but could it happen in real life? Most security experts agree that such a scenario is highly unlikely or even downright impossible. However, that doesn’t mean you should ignore the real security risks that medical devices […]

Posted in Cloud Security, Healthcare Security, Internet of Things, Medical Device Security

Software developers vs. software security: Why can’t we all get along?

I was a software developer for over 20 years before I switched to the application/software security field. Being a part of several software engineering teams in my early career, and later becoming a security analyst, has put me in a unique position to understand these two worlds. Although I continue to enjoy the security assessment […]

Posted in Maturity Model (BSIMM)

What happens at Archimedes: All there is to know about medical device security

From a security viewpoint, medical devices differ from conventional web applications, mobile applications, and other types of embedded applications which security researchers commonly encounter. First, medical devices come in many forms: devices that are embedded in the human body, used in hospitals, and used by patients at home. Security professionals need to recognize the context […]

Posted in Healthcare Security, Medical Device Security, Web Application Security, Webinars

Making strides in medical device security

Medical device security is hard and there is no denying that most medical devices, especially those connected to the Internet, lack adequate security controls. As Dr. Gary McGraw and I discussed in our Search Security article, there is a lot of work to be done in the domain of medical device security. But, the good […]

Posted in Healthcare Security, Medical Device Security

Poodle: Yet another attack on SSLv3 (SSL 3.0)

Chandu Ketkar reviews the Poodle attack on SSLv3, including the anatomy of the attack, its impact, and how to mitigate it.

Posted in Open Source Security, Web Application Security

Standard versus proprietary security protocols

Standard Security Protocols: An encyclopedia defines a security protocol as “a sequence of operations that ensure protection of data. Used with an underlying communication protocol, it provides secure delivery of data between two parties.” We use security protocols in everyday computing. For example, when we use our domain credentials to log in to a Microsoft Windows […]

Posted in Mobile Application Security, Security Standards and Compliance