Real World Software Assurance Test Suite: STONESOUP
- Clementine McKinney
- 8 years ago
Real World Software Assurance Test Suite: STONESOUP
Charles Oliveira / SAMATE, Guest Researcher at Software and Systems Division, IT Laboratory, NIST
Outline
- Introduction
- STONESOUP program
- Test suite
- Test case sample
- TEXAS usage
- Documents and reports
Introduction - SOUP
Is this Software Of Unknown Provenance (SOUP) safe? An application typically builds on third-party software at several levels:
- Open source libraries: libssl, libxml, libpq, ...
- Frameworks: Java/Spring, C++/Boost, PHP/Zend, ...
- Standalone apps: Apache, Postgres, drivers, ...
STONESOUP program
Securely Taking On New Executable Software Of Uncertain Provenance (STONESOUP)
STONESOUP program
The goal of the STONESOUP program was to eliminate the effects of vulnerabilities in software applications by:
- extending the scope and capability of approaches for analysis, confinement, and diversification;
- addressing a wide range of security vulnerabilities within the same framework;
- integrating approaches to leverage the strengths and weaknesses of each;
- adding no more than 10% running time slowdown.
STONESOUP program - Phases
- Phase 1: neutralize 75% of vulnerabilities of 2 weakness types in 10k SLOC programs
- Phase 2: neutralize 80%+ of vulnerabilities of 4 weakness types in 100k SLOC programs
- Phase 3: neutralize 90%+ of vulnerabilities of 6 weakness types in 500k SLOC programs
Phase 3 performers were those that made significant progress in Phase 2 as measured by the program metrics. The three teams and the names of their developmental tools are:
- Kestrel Institute - VIBRANCE (video)
- Columbia University - Minestrone
- Grammatech - PEASOUP
STONESOUP program - Performers
STONESOUP performers neutralize vulnerabilities in:
STONESOUP program - Test & Evaluation System
- The Test & Evaluation execution and Analysis System (TEXAS) was designed and developed to test Performer technology
- Developed by the STONESOUP team
- Command Line Interface (CLI) to run and evaluate test cases
- Communication API to interact with the Performers' tools
Test suite - Base programs
Base programs shown: GNU Tree, GNU Grep, JTree (the number of test cases per base program is shown in red circles in the figure).
Test suite - CWEs for C programs
56 CWEs (CWE version 2.8) grouped into six weakness types. The number in parentheses is the number of test cases of that type; the C and Java figures add up to the 7770 test cases cited later in the deck.
- Concurrency handling (765)
- Injection (701)
- Number handling (725)
- Resource drains (733)
- Memory corruption (965)
- Null pointer (693)

Concurrency handling:
- CWE-363: Race Condition Enabling Link Following
- CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
- CWE-412: Unrestricted Externally Accessible Lock
- CWE-414: Missing Lock Check
- CWE-543: Use of Singleton Pattern Without Synchronization in a Multithreaded Context
- CWE-609: Double-Checked Locking
- CWE-663: Use of a Non-reentrant Function in a Concurrent Context
- CWE-764: Multiple Locks of a Critical Resource
- CWE-765: Multiple Unlocks of a Critical Resource
- CWE-820: Missing Synchronization
- CWE-821: Incorrect Synchronization
- CWE-833: Deadlock
- CWE-831: Signal Handler Function Associated with Multiple Signals
- CWE-828: Signal Handler with Functionality that is not Asynchronous-Safe
- CWE-479: Signal Handler Use of a Non-reentrant Function

Injection:
- CWE-078: OS Command Injection
- CWE-088: Argument Injection or Modification
- CWE-089: SQL Injection

Number handling:
- CWE-190: Integer Overflow or Wraparound
- CWE-191: Integer Underflow (Wrap or Wraparound)
- CWE-194: Unexpected Sign Extension
- CWE-195: Signed to Unsigned Conversion Error
- CWE-196: Unsigned to Signed Conversion Error
- CWE-197: Numeric Truncation Error
- CWE-369: Divide By Zero
- CWE-682: Incorrect Calculation
- CWE-839: Numeric Range Comparison Without Minimum Check

Resource drains:
- CWE-400: Resource Exhaustion
- CWE-459: Incomplete Cleanup
- CWE-674: Uncontrolled Recursion
- CWE-774: Allocation of File Descriptors or Handles Without Limits or Throttling
- CWE-789: Uncontrolled Memory Allocation
- CWE-834: Excessive Iteration
- CWE-835: Infinite Loop
- CWE-401: Memory Leak
- CWE-771: Missing Reference to Active Allocated Resource
- CWE-773: Missing Reference to Active File Descriptor or Handle
- CWE-775: Missing Release of File Descriptor or Handle after Effective Lifetime

Memory corruption:
- CWE-120: Classic Buffer Overflow
- CWE-124: Buffer Underflow
- CWE-126: Buffer Over-read
- CWE-127: Buffer Under-read
- CWE-129: Improper Validation of Array Index
- CWE-134: Uncontrolled Format String
- CWE-170: Improper Null Termination
- CWE-415: Double Free
- CWE-416: Use After Free
- CWE-590: Free of Memory not on the Heap
- CWE-761: Free of Pointer not at Start of Buffer
- CWE-785: Use of Path Manipulation Function without Maximum-sized Buffer
- CWE-805: Buffer Access with Incorrect Length Value
- CWE-806: Buffer Access Using Size of Source Buffer
- CWE-822: Untrusted Pointer Dereference
- CWE-824: Access of Uninitialized Pointer
- CWE-843: Type Confusion

Null pointer:
- CWE-476: NULL Pointer Dereference
Test suite - CWEs for Java programs
50 CWEs (CWE version 2.8) grouped into six weakness types; the number in parentheses is the number of test cases of that type:
- Concurrency handling (568)
- Injection (526)
- Number handling (532)
- Resource drains (532)
- Error handling (532)
- Tainted data (498)

Concurrency handling:
- CWE-363: Race Condition Enabling Link Following
- CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
- CWE-412: Unrestricted Externally Accessible Lock
- CWE-414: Missing Lock Check
- CWE-543: Use of Singleton Pattern Without Synchronization in a Multithreaded Context
- CWE-609: Double-Checked Locking
- CWE-663: Use of a Non-reentrant Function in a Concurrent Context
- CWE-764: Multiple Locks of a Critical Resource
- CWE-765: Multiple Unlocks of a Critical Resource
- CWE-820: Missing Synchronization
- CWE-821: Incorrect Synchronization
- CWE-833: Deadlock
- CWE-832: Unlock of a Resource that is not Locked
- CWE-567: Unsynchronized Access to Shared Data in a Multithreaded Context
- CWE-572: Call to Thread run() instead of start()

Injection:
- CWE-078: OS Command Injection
- CWE-088: Argument Injection or Modification
- CWE-089: SQL Injection
- CWE-564: SQL Injection: Hibernate

Number handling:
- CWE-190: Integer Overflow or Wraparound
- CWE-191: Integer Underflow (Wrap or Wraparound)
- CWE-194: Unexpected Sign Extension
- CWE-195: Signed to Unsigned Conversion Error
- CWE-196: Unsigned to Signed Conversion Error
- CWE-197: Numeric Truncation Error
- CWE-369: Divide By Zero
- CWE-839: Numeric Range Comparison Without Minimum Check

Resource drains:
- CWE-400: Resource Exhaustion
- CWE-459: Incomplete Cleanup
- CWE-674: Uncontrolled Recursion
- CWE-774: Allocation of File Descriptors or Handles Without Limits or Throttling
- CWE-789: Uncontrolled Memory Allocation
- CWE-834: Excessive Iteration
- CWE-835: Infinite Loop

Error handling:
- CWE-209: Information Exposure Through an Error Message
- CWE-248: Uncaught Exception
- CWE-252: Unchecked Return Value
- CWE-253: Incorrect Check of Function Return Value
- CWE-390: Detection of Error Condition Without Action
- CWE-391: Unchecked Error Condition
- CWE-460: Improper Cleanup on Thrown Exception
- CWE-584: Return Inside Finally Block

Tainted data:
- CWE-023: Relative Path Traversal
- CWE-036: Absolute Path Traversal
- CWE-041: Improper Resolution of Path Equivalence
- CWE-606: Unchecked Input for Loop Condition
Test suite - Base programs
- Total of 7770 test cases, which amount to ~240GB compressed!
- The STONESOUP Test and Evaluation team (T&E) used 277 independent virtual machines simultaneously on Amazon Web Services between April and December 2014 for performers to run the test cases.
- The NIST VM is 22GB and contains test cases patched from the base program.
- The strategy was to patch the test cases, distributing .diff files instead of whole copies of each base program.
Test suite - Virtual Machine (VMware)
- Download (11x2GB) at
- OS: Ubuntu; CPU: 4 VCPU recommended; Memory: 4GB (8GB recommended); Storage: 59GB total / 41GB used / 16GB available
- Inside the NIST_TT_VM folder there is a document with the login and password for the VM
- Important directories:
  - /opt/stonesoup: contains the entire NIST STONESOUP package, including scripts and documents
  - /opt/share: contains a TEXAS installation, test cases (diffs), base programs and all their dependencies
- Performers' tools are not in the VM
Test case sample (from the virtual machine)
- Pick a test case in /opt/share/testcases/
- Chosen: C-C476C-SUBV-03-ST01-DT05-DF10-CF22-01

The name encodes the test case parameters, field by field:
- C: language of the base program (C or Java)
- C476C: the CWE (CWE-476: NULL Pointer Dereference) and its algorithmic variant. Algorithmic variants are refined CWEs mapped to a code snippet previously defined by the T&E team.
- SUBV: base program. Codes: CMUD Coffee MUD, CTRE GNU Tree, FFMP FFMpeg, GIMP Gimp, GREP GNU Grep, OSSL OpenSSL, PSQL Postgres, SUBV Apache Subversion, WIRE Wireshark, ELAS Elastic Search, JMET Apache JMeter, JENA Apache Jena, JTRE Java Tree, LENY Apache Lenya, LUCE Apache Lucene, POIX Apache POI
- 03: injection point. Injection points represent specific locations in the base program that are guaranteed to be executed given the defined I/O pairs; the identifiers reference different injection points in each base program.
- ST01: taint source. 01 ENVIRONMENT_VARIABLE, 02 FILE_CONTENTS, 03 SOCKET, 04 SHARED_MEMORY
- DT05: data type. 01 ARRAY, 02 SIMPLE, 03 VOID_POINTER, 04 HEAP_POINTER, 05 STRUCT, 06 TYPEDEF, 07 UNION
- DF10: data flow (the slide shows a subset of the codes). 01 ADDRESS_ALIAS_1, 05 ADDRESS_AS_CONSTANT, 06 ADDRESS_AS_FUNCTION_RETURN_VALUE, 10 INDEX_ALIAS_50, 11 BASIC, 12 VAR_ARG_LIST, 17 BUFFER_ADDRESS_POINTER, 18 JAVA_GENERICS
- CF22: control flow (the slide shows a subset of the codes). 01 INTERCLASS_1, 08 INTERFILE_1, 12 INTERPROCEDURAL_1, 16 INTERRUPT, 18 POINTER_TO_FUNCTION, 19 RECURSIVE, 22 MACROS, 26 FUNCT_INVOC_OVERLOAD
- 01: unique increment, used when multiple test cases share all of the parameters above
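Because the parameters are fixed-width fields of the directory name, they can be decoded mechanically, which is handy when picking a subset of the 7770 cases (all SOCKET-tainted CWE-476 cases, say). The following is an added example, not code from the deck or from the STONESOUP/TEXAS tooling: it parses a test case name into its parameters using only the code tables shown on the slides and filters a list of names by parameter. The field layout is inferred from the one sample name; the letter J for Java names, the reading of the letter after the CWE number as the algorithmic variant, and every sample name other than the deck's own are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Code tables transcribed from the deck. The data-flow and control-flow tables
# are only the subset the slides show, so unknown codes are reported as such
# rather than guessed.
LANGUAGES = {"C": "C", "J": "Java"}   # "J" for Java is an assumption; the deck shows only a C name
BASE_PROGRAMS = {
    "CMUD": "Coffee MUD", "CTRE": "GNU Tree", "FFMP": "FFMpeg", "GIMP": "Gimp",
    "GREP": "GNU Grep", "OSSL": "OpenSSL", "PSQL": "Postgres",
    "SUBV": "Apache Subversion", "WIRE": "Wireshark", "ELAS": "Elastic Search",
    "JMET": "Apache JMeter", "JENA": "Apache Jena", "JTRE": "Java Tree",
    "LENY": "Apache Lenya", "LUCE": "Apache Lucene", "POIX": "Apache POI",
}
TAINT_SOURCES = {"01": "ENVIRONMENT_VARIABLE", "02": "FILE_CONTENTS",
                 "03": "SOCKET", "04": "SHARED_MEMORY"}
DATA_TYPES = {"01": "ARRAY", "02": "SIMPLE", "03": "VOID_POINTER",
              "04": "HEAP_POINTER", "05": "STRUCT", "06": "TYPEDEF", "07": "UNION"}
DATA_FLOWS = {"01": "ADDRESS_ALIAS_1", "05": "ADDRESS_AS_CONSTANT",
              "06": "ADDRESS_AS_FUNCTION_RETURN_VALUE", "10": "INDEX_ALIAS_50",
              "11": "BASIC", "12": "VAR_ARG_LIST", "17": "BUFFER_ADDRESS_POINTER",
              "18": "JAVA_GENERICS"}
CONTROL_FLOWS = {"01": "INTERCLASS_1", "08": "INTERFILE_1",
                 "12": "INTERPROCEDURAL_1", "16": "INTERRUPT",
                 "18": "POINTER_TO_FUNCTION", "19": "RECURSIVE",
                 "22": "MACROS", "26": "FUNCT_INVOC_OVERLOAD"}

# Field layout inferred from the sample name C-C476C-SUBV-03-ST01-DT05-DF10-CF22-01.
ID_RE = re.compile(
    r"^(?P<lang>[A-Z])-C(?P<cwe>\d{3})(?P<variant>[A-Z])-(?P<base>[A-Z]{4})"
    r"-(?P<inj>\d{2})-ST(?P<st>\d{2})-DT(?P<dt>\d{2})-DF(?P<df>\d{2})"
    r"-CF(?P<cf>\d{2})-(?P<inc>\d{2})$"
)


@dataclass(frozen=True)
class TestCaseId:
    language: str
    cwe: str              # e.g. "CWE-476"
    variant: str          # algorithmic variant letter (assumed reading of the field)
    base_program: str
    injection_point: str
    taint_source: str
    data_type: str
    data_flow: str
    control_flow: str
    increment: str


def _lookup(table: Dict[str, str], code: str) -> str:
    return table.get(code, f"unknown({code})")


def parse_testcase_id(name: str) -> TestCaseId:
    """Decode one STONESOUP test case directory name into its parameters."""
    m = ID_RE.match(name.strip())
    if m is None:
        raise ValueError(f"not a STONESOUP test case name: {name!r}")
    return TestCaseId(
        language=_lookup(LANGUAGES, m["lang"]),
        cwe=f"CWE-{m['cwe']}",          # keeps the deck's zero-padded form, e.g. CWE-078
        variant=m["variant"],
        base_program=_lookup(BASE_PROGRAMS, m["base"]),
        injection_point=m["inj"],
        taint_source=_lookup(TAINT_SOURCES, m["st"]),
        data_type=_lookup(DATA_TYPES, m["dt"]),
        data_flow=_lookup(DATA_FLOWS, m["df"]),
        control_flow=_lookup(CONTROL_FLOWS, m["cf"]),
        increment=m["inc"],
    )


def select(names: List[str], **wanted: str) -> List[str]:
    """Return the names whose decoded parameters match every keyword given,
    e.g. select(names, taint_source="SOCKET", cwe="CWE-476")."""
    chosen = []
    for name in names:
        tc = parse_testcase_id(name)
        if all(getattr(tc, field) == value for field, value in wanted.items()):
            chosen.append(name)
    return chosen


if __name__ == "__main__":
    # Constructed names: the deck's sample plus two variations for the filter demo.
    names = ["C-C476C-SUBV-03-ST01-DT05-DF10-CF22-01",
             "C-C476C-SUBV-03-ST03-DT05-DF10-CF22-01",
             "C-C120A-GREP-01-ST03-DT01-DF11-CF08-01"]
    print(parse_testcase_id(names[0]))
    print(select(names, taint_source="SOCKET"))
```

Unknown codes are surfaced as unknown(NN) instead of failing, so a directory listing from the VM can be decoded in full and the codes the slides omit spotted and added to the tables.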
Test case sample (from the virtual machine)
- Pick a test case in /opt/share/testcases/
- Chosen: C-C476C-SUBV-03-ST01-DT05-DF10-CF22-01
Browsing the test case:
- install/: this test case's installation files
- scripts/: specific scripts to manage the running process
- src/: the entire base program plus files seeded with intentional weaknesses
- testdata/: input data which will [and won't] trigger the seeded weakness
- testoutput/: matching output data for each input
- C-C476C-SUBV-03-ST01-DT05-DF10-CF22-01.xml: TEXAS makefile
- C-C476C-SUBV-03-ST01-DT05-DF10-CF22-01.yaml: benign and exploiting inputs
TEXAS usage
- Stage 1: standard compilation
- Stage 2: compilation with performer technology
The pipeline consists of Analysis/Compilation, Execution and Scoring, applied over the test case's I/O pairs.
- Analysis/Compilation: the source code or binary of a program is scanned looking for CWE code patterns, and diversification techniques are applied to harden the resulting binary. The output of the Analysis phase is a binary executable.
- Execution: the Execution step is run for each I/O pair and involves actually invoking the binary created in the Analysis step with known inputs. Performer technology may also monitor the execution of the binary to look for execution patterns indicative of an attack in progress or a software vulnerability.
- Scoring: Scoring is executed immediately after the Execution step and looks at the environment for the known outputs defined in the metadata for the I/O pair that was executed.
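To make the Execution and Scoring steps concrete, here is an added example that is not TEXAS code and does not reproduce the program's actual scoring rules: a small Python harness that runs each I/O pair against a program, compares the captured output and exit status with the pair's known outputs, and tallies passes per input kind. The target program (a stand-in with a seeded null dereference fed from an environment variable, mirroring the sample test case's CWE-476 and ENVIRONMENT_VARIABLE taint source), the I/O pairs, and the assumption that an exploiting pair's metadata describes a cleanly neutralized run are all constructed for this example.

```python
import os
import subprocess
import sys
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Constructed stand-in for a compiled base program with a seeded CWE-476. The
# tainted value arrives through an environment variable; an empty value reaches
# a None dereference, which aborts the run with exit status 1.
TOY_PROGRAM = r"""
import os
class Record:
    def __init__(self, text):
        self.text = text
def lookup(key):
    return Record(key) if key else None   # None is the seeded weakness
rec = lookup(os.environ.get("SS_INPUT", ""))
print(rec.text.upper())
"""


@dataclass(frozen=True)
class IOPair:
    name: str
    exploiting: bool            # True if this input is meant to trigger the weakness
    env: Dict[str, str]         # tainted input delivered through the environment
    expected_stdout: str        # known outputs, as a test case's metadata would list them
    expected_status: int


@dataclass(frozen=True)
class Result:
    name: str
    exploiting: bool
    stdout: str
    status: int
    passed: bool


# Constructed I/O pairs. The exploiting pair's metadata is assumed to describe a
# neutralized run (clean exit, nothing printed), so an unprotected binary fails it.
PAIRS = [
    IOPair("benign-01", False, {"SS_INPUT": "hello"}, "HELLO\n", 0),
    IOPair("exploit-01", True, {"SS_INPUT": ""}, "", 0),
]

Runner = Callable[[IOPair], Tuple[str, int]]


def run_subprocess(pair: IOPair) -> Tuple[str, int]:
    """Execution step: invoke the binary with the pair's input and capture its output."""
    env = {**os.environ, **pair.env}
    proc = subprocess.run([sys.executable, "-c", TOY_PROGRAM], env=env,
                          capture_output=True, text=True)
    return proc.stdout, proc.returncode


def execute_and_score(pairs: List[IOPair], runner: Runner = run_subprocess) -> List[Result]:
    """Run every I/O pair and score it against its known outputs immediately afterwards."""
    results = []
    for pair in pairs:
        stdout, status = runner(pair)
        passed = stdout == pair.expected_stdout and status == pair.expected_status
        results.append(Result(pair.name, pair.exploiting, stdout, status, passed))
    return results


def summarize(results: List[Result]) -> Dict[str, Tuple[int, int]]:
    """(passed, total) per input kind: benign pairs measure preserved functionality,
    exploiting pairs measure neutralization."""
    counts = {"benign": [0, 0], "exploit": [0, 0]}
    for r in results:
        kind = "exploit" if r.exploiting else "benign"
        counts[kind][1] += 1
        counts[kind][0] += int(r.passed)
    return {kind: (v[0], v[1]) for kind, v in counts.items()}


if __name__ == "__main__":
    results = execute_and_score(PAIRS)
    for r in results:
        print(f"{r.name}: status={r.status} stdout={r.stdout!r} passed={r.passed}")
    print(summarize(results))
```

The runner is injectable so that the same scoring loop can be pointed at a Stage 1 binary and a Stage 2 (performer-hardened) binary; the difference between the two exploit tallies is what a neutralization rate is built from.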
Documents & Reports
Main STONESOUP documents provided at the SARD website:
- Test and evaluation phase 3 final report
- Performers' reports
- Weaknesses documentation
- Test cases creation guide
- TEXAS user guides
Visit:
Questions?
Charles Oliveira / SAMATE
More informationUForge 3.4 Release Notes
UForge 3.4 Release Notes This document is for users using and administrating UShareSoft UForge TM Platform v3.4. This document includes the release notes for: UForge TM Factory UForge TM Builder UI UForge
More informationSoftware security assessment based on static analysis
Software security assessment based on static analysis Christèle Faure Séminaire SSI et méthodes formelles Réalisé dans le projet Baccarat cofinancé par l union européenne Context > 200 static tools for
More informationJava EE Web Development Course Program
Java EE Web Development Course Program Part I Introduction to Programming 1. Introduction to programming. Compilers, interpreters, virtual machines. Primitive types, variables, basic operators, expressions,
More informationOracle Solaris Studio Code Analyzer
Oracle Solaris Studio Code Analyzer The Oracle Solaris Studio Code Analyzer ensures application reliability and security by detecting application vulnerabilities, including memory leaks and memory access
More informationGuidelines for Smart Grid Cyber Security: Vol. 3, Supportive Analyses and References
NISTIR 7628 Guidelines for Smart Grid Cyber Security: Vol. 3, Supportive Analyses and References The Smart Grid Interoperability Panel Cyber Security Working Group August 2010 NISTIR 7628 Guidelines for
More informationPTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access
The Best First for Beginners who want to become Penetration Testers PTSv2 in pills: Self-paced, online, flexible access 900+ interactive slides and 3 hours of video material Interactive and guided learning
More informationSecurity Vulnerabilities in Open Source Java Libraries. Patrycja Wegrzynowicz CTO, Yonita, Inc.
Security Vulnerabilities in Open Source Java Libraries Patrycja Wegrzynowicz CTO, Yonita, Inc. About Me Programmer at heart Researcher in mind Speaker with passion Entrepreneur by need @yonlabs Agenda
More informationAppendix. Web Command Error Codes. Web Command Error Codes
Appendix Web Command s Error codes marked with * are received in responses from the FTP server, and then returned as the result of FTP command execution. -501 Incorrect parameter type -502 Error getting
More informationManual vs. Automated Vulnerability Assessment: A Case Study
Manual vs. Automated Vulnerability Assessment: A Case Study James A. Kupsch and Barton P. Miller Computer Sciences Department, University of Wisconsin, Madison, WI, USA {kupsch,bart}@cs.wisc.edu Abstract.
More information- Table of Contents -
- Table of Contents - 1 INTRODUCTION... 1 1.1 TARGET READERS OF THIS DOCUMENT... 1 1.2 ORGANIZATION OF THIS DOCUMENT... 2 1.3 COMMON CRITERIA STANDARDS DOCUMENTS... 3 1.4 TERMS AND DEFINITIONS... 4 2 OVERVIEW
More informationCHAPTER 5 INTELLIGENT TECHNIQUES TO PREVENT SQL INJECTION ATTACKS
66 CHAPTER 5 INTELLIGENT TECHNIQUES TO PREVENT SQL INJECTION ATTACKS 5.1 INTRODUCTION In this research work, two new techniques have been proposed for addressing the problem of SQL injection attacks, one
More informationOWASP Web Application Penetration Checklist. Version 1.1
Version 1.1 July 14, 2004 This document is released under the GNU documentation license and is Copyrighted to the OWASP Foundation. You should read and understand that license and copyright conditions.
More informationApplication Security Testing. Erez Metula (CISSP), Founder Application Security Expert ErezMetula@AppSec.co.il
Application Security Testing Erez Metula (CISSP), Founder Application Security Expert ErezMetula@AppSec.co.il Agenda The most common security vulnerabilities you should test for Understanding the problems
More informationProTrack: A Simple Provenance-tracking Filesystem
ProTrack: A Simple Provenance-tracking Filesystem Somak Das Department of Electrical Engineering and Computer Science Massachusetts Institute of Technology das@mit.edu Abstract Provenance describes a file
More information3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management
What is an? s Ten Most Critical Web Application Security Vulnerabilities Anthony LAI, CISSP, CISA Chapter Leader (Hong Kong) anthonylai@owasp.org Open Web Application Security Project http://www.owasp.org
More informationThreat Modeling/ Security Testing. Tarun Banga, Adobe 1. Agenda
Threat Modeling/ Security Testing Presented by: Tarun Banga Sr. Manager Quality Engineering, Adobe Quality Leader (India) Adobe Systems India Pvt. Ltd. Agenda Security Principles Why Security Testing Security
More informationD61830GC30. MySQL for Developers. Summary. Introduction. Prerequisites. At Course completion After completing this course, students will be able to:
D61830GC30 for Developers Summary Duration Vendor Audience 5 Days Oracle Database Administrators, Developers, Web Administrators Level Technology Professional Oracle 5.6 Delivery Method Instructor-led
More informationWeb App Security Audit Services
locuz.com Professional Services Web App Security Audit Services The unsecured world today Today, over 80% of attacks against a company s network come at the Application Layer not the Network or System
More informationCCA CYBER SECURITY TRACK
CCA CYBER SECURITY TRACK 2013-2014 CCA Advanced Cyber Security Track A detailed description of the advanced cyber security track. Courses to be offered in the CCA Advanced Cyber Security Track 2013-2014
More informationHow to achieve PCI DSS Compliance with Checkmarx Source Code Analysis
How to achieve PCI DSS Compliance with Checkmarx Source Code Analysis Document Scope This document aims to assist organizations comply with PCI DSS 3 when it comes to Application Security best practices.
More informationDISCOVERY OF WEB-APPLICATION VULNERABILITIES USING FUZZING TECHNIQUES
DISCOVERY OF WEB-APPLICATION VULNERABILITIES USING FUZZING TECHNIQUES By Michael Crouse Dr. Errin W. Fulp, Ph.D., Advisor Abstract The increasingly high volume of users on the web and their use of web
More informationKITES TECHNOLOGY COURSE MODULE (C, C++, DS)
KITES TECHNOLOGY 360 Degree Solution www.kitestechnology.com/academy.php info@kitestechnology.com technologykites@gmail.com Contact: - 8961334776 9433759247 9830639522.NET JAVA WEB DESIGN PHP SQL, PL/SQL
More informationA Comparative Study on Vega-HTTP & Popular Open-source Web-servers
A Comparative Study on Vega-HTTP & Popular Open-source Web-servers Happiest People. Happiest Customers Contents Abstract... 3 Introduction... 3 Performance Comparison... 4 Architecture... 5 Diagram...
More informationColumbia University Web Security Standards and Practices. Objective and Scope
Columbia University Web Security Standards and Practices Objective and Scope Effective Date: January 2011 This Web Security Standards and Practices document establishes a baseline of security related requirements
More informationWhat is Web Security? Motivation
brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web
More informationEnterprise Java Applications on VMware: High Availability Guidelines. Enterprise Java Applications on VMware High Availability Guidelines
: This product is protected by U.S. and international copyright and intellectual property laws. This product is covered by one or more patents listed at http://www.vmware.com/download/patents.html. VMware
More information1. Building Testing Environment
The Practice of Web Application Penetration Testing 1. Building Testing Environment Intrusion of websites is illegal in many countries, so you cannot take other s web sites as your testing target. First,
More informationArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young
ArcGIS Server Security Threats & Best Practices 2014 David Cordes Michael Young Agenda Introduction Threats Best practice - ArcGIS Server settings - Infrastructure settings - Processes Summary Introduction
More informationNVIDIA CUDA GETTING STARTED GUIDE FOR MAC OS X
NVIDIA CUDA GETTING STARTED GUIDE FOR MAC OS X DU-05348-001_v6.5 August 2014 Installation and Verification on Mac OS X TABLE OF CONTENTS Chapter 1. Introduction...1 1.1. System Requirements... 1 1.2. About
More informationSetting up PostgreSQL
Setting up PostgreSQL 1 Introduction to PostgreSQL PostgreSQL is an object-relational database management system based on POSTGRES, which was developed at the University of California at Berkeley. PostgreSQL
More informationAutomatic Runtime Error Repair and Containment via Recovery Shepherding
Automatic Runtime Error Repair and Containment via Recovery Shepherding Fan Long Stelios Sidiroglou-Douskos Martin Rinard {fanl, stelios, rinard}@csail.mit.edu MIT EECS & CSAIL Abstract We present a system,
More informationComprehensive Security for Internet-of-Things Devices With ARM TrustZone
Comprehensive Security for Internet-of-Things Devices With ARM TrustZone Howard Williams mentor.com/embedded Internet-of-Things Trends The world is more connected IoT devices are smarter and more complex
More information