Software Security Trends
6 Jan 2013. Tags: Hig
Literature
Dowd, M., McDonald, J., and Schuh, J. (2006). The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. (469,- in Mjøsbok)
Info
Individual topics counting for 100% of the grade were selected during the first lecture. We are going to present our topics in weeks 14-19, depending on the topic. The final deadline is the 21st of May (2013). Every student must peer review two other topics in order to give feedback.
Lectures
- Lecture 1: Introduction (Chapter 1)
- Lecture 2: Design principles - Java 7u10 - Race conditions (Chapters 1, 2)
- Lecture 3: State of the practice and .NET security (Chapters 3, 5, 6, 7, 8, 17, 18)
- Lecture 4: Software security theory (Chapters 4, 6)
- Lecture 5: User interface vulnerabilities (Chapters 17, 18)
- Lecture 6: Sandboxing and online banking
- Lecture 7: Build system - test automation - Secure development - PE executable and MitB
Paper, presentation and code
Other sources
See the OWASP WebGoat and WebScarab projects.
Capture the flag contest during the spring.
Software Security (Assurance) State of the Art:
Some thoughts... I read most of this paper, and although it was quite boring at times, I found some pages quite interesting:
- 5.2.2 discusses how "negative" requirements such as "the software must not be susceptible to buffer overflows" must be analyzed and converted into actionable requirements such as "input validation" and "exception handling".
- 5.2.3.1 Issues with modeling
- 5.2.3.1.1 Microsoft threat modeling
- 5.2.3.2.1 Misuse vs. abuse cases
- 5.3.1 Design principles (as seen in Applied Information Security)
- 5.5.2.1 White box techniques
- 5.5.2.4 Compiler optimizers can introduce new vulnerabilities
- Table 5-14 Software and application security checklists
- 7.1.1.1 and 7.1.1.2 Websites and portals to follow
- 8.5 Developer liability
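The conversion that 5.2.2 describes, as an added C example that is not part of the original page or of the report it summarizes: the negative requirement "must not be susceptible to buffer overflows" is untestable on its own, so it is replaced by two positive, checkable requirements, input validation (the caller states the destination capacity and a policy limit, and anything that would not fit is rejected before the copy) and error handling (every rejection is a distinct return code the caller must act on). The names `copy_unchecked`, `copy_checked`, `accept_field` and the `copy_status` codes are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

/* Added example (not from the page): turning the negative requirement
 * "must not be susceptible to buffer overflows" into two positive,
 * testable requirements: input validation and error handling.
 * All names here are illustrative assumptions. */

/* "Before": the negative requirement is only a wish. Nothing bounds the copy,
 * so any src longer than dst overruns the destination buffer. */
void copy_unchecked(char *dst, const char *src) {
    strcpy(dst, src);   /* capacity unknown, no length check */
}

/* Status codes returned to the caller (the "exception handling" part). */
enum copy_status {
    COPY_OK = 0,
    COPY_BAD_ARG,   /* NULL pointer or zero-capacity destination */
    COPY_TOO_LONG,  /* input exceeds the policy limit max_len */
    COPY_NO_SPACE   /* input plus terminator does not fit in dst */
};

/* Length of s, scanning at most `limit` bytes, so an unterminated input
 * cannot make the validation itself read out of bounds. */
static size_t bounded_len(const char *s, size_t limit) {
    size_t n = 0;
    while (n < limit && s[n] != '\0') n++;
    return n;
}

/* "After": the actionable requirements.
 *  - Input validation: dst_cap is the real capacity of dst and max_len the
 *    policy limit on input length; both are checked before any byte is copied.
 *  - Error handling: each rejection is a distinct return code, never a silent
 *    truncation, so the caller can log it or reject the request. */
enum copy_status copy_checked(char *dst, size_t dst_cap,
                              const char *src, size_t max_len) {
    if (dst == NULL || src == NULL || dst_cap == 0)
        return COPY_BAD_ARG;
    /* Scan one byte past max_len: if no NUL appears by then, the input is too long. */
    size_t n = bounded_len(src, max_len + 1);
    if (n > max_len)
        return COPY_TOO_LONG;
    if (n + 1 > dst_cap)            /* room for the terminating NUL as well */
        return COPY_NO_SPACE;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return COPY_OK;
}

/* Typical call site: a fixed 16-byte field with a 15-character policy limit.
 * Returns 1 if the input was accepted, 0 if it was rejected with an error. */
int accept_field(const char *input) {
    char field[16];
    return copy_checked(field, sizeof field, input, sizeof field - 1) == COPY_OK;
}
```

The point of the return codes is that the requirement is now verifiable: a unit test can feed an over-long input and assert that `COPY_TOO_LONG` or `COPY_NO_SPACE` comes back with the destination untouched, which is something "must not overflow" never gave a tester to check.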