Skip to main content

Tom Palarz

Tom Palarz is a Principal Security Researcher at Veracode. His primary research focus is on static analysis of languages and frameworks. He also has a bit of a knack for embedded systems and low level tech. Prior to joining Veracode, he spent several years building software and then several years breaking it. In his current role, he is helping developers and security folks alike build more secure software.

Posts by Tom Palarz
  • Vegas Cons 2016 Wrap Up
    August 18, 2016  | Research
    Vegas Cons 2016 Wrap Up

    In my earlier post, I gave my thoughts on what the trends were so far part way through the set of conferences last week (BSidesLV, Blackhat, and DefCon24). In this post, I wrap up my thoughts for the week’s conferences. There were several great talks I missed at BSides this year. Two in particular were ones I’m bummed I missed: one on FOIA requests [http://sched.co/7a8k] (given some recent… READ MORE

Stay up to date on Application Security

  • Crypto Fun at Black Hat 2016

    This year’s Black Hat Briefings included many outstanding talks; being a bit of a crypto geek, the one that particularly piqued my interest was the practical forgery attack on the Galois/Counter Mode (GCM) mode of operation: Nonce Disrespect (slides [pdf], paper [pdf], example code) GCM is an authenticated encryption mode where authentication and ciphering are done in one pass across a message.… READ MORE

  • DEF CON 24: Day One
    August 8, 2016  | Research
    DEF CON 24: Day One

    DEF CON is at a new venue since my last visit (two years ago), and I have to give props to the conference staff for all the hard work they’ve put in. Lines to get to talks and villages are still incredibly long as ever, and make it hard to justify the time to wait and missing out on something else. Some trends I’m noticing so far: The car hacking industry is maturing a bit with multiple players… READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.