<

Drew Varner

GIAC exploit researcher & advanced penetration tester

An Erlang and Elixir enthusiast trying to bring functional to Federal. Drew is a GIAC Exploit Researcher & Advanced Penetration Tester.

Drew is the founder of NineFX, a software firm focused on the US Federal market. He has worked professionally as an Erlang software engineer for the last five years.

 

Upcoming conferences:

Drew Varner
Code BEAM SF 2019

FIPS 140-2 in BEAM apps

Erlang's crypto module has supported a "FIPS mode" since release 20.0. Drew will discuss why you may care about FIPS 140-2 encryption, ways to integrate it into your tests suites and gotchas to compliance. He will discuss how simply putting crypto in FIPS mode is not enough.

Learn how dependencies and built-in libraries can sneak non-FIPS crypto into your application. Drew will also cover some general techniques to detect security issues in your code.

OBJECTIVES

  • Familiarize audience with FIPS 140-2 cryptography mode and why they may care about it
  • Provide examples of how to validate a BEAM application's compatibility with FIPS 140-2 mode enabled

TARGET AUDIENCE

  • Software vendors that have the US Federal government as a potential customer
  • Software developers looking to validate that their application runs without dependencies on insecure cryptographic algorithms