Static Checking of C Programs for Vulnerabilities. Aaron Brown
|
|
- Earl Lewis
- 3 years ago
- Views:
From this document you will learn the answers to the following questions:
What does the Proposed Solution require to prove the correctness of code?
What is more vulnerabilities reported?
What type of alarms can be generated?
Transcription
1 Static Checking of C Programs for Vulnerabilities Aaron Brown
2 Problems 300% increase in reported software vulnerabilities SetUID programs Run with full access to the system Required to gain access to certain functions C Programming Language No built-in memory safety Easy to accidently add vulnerabilities to code
3 Vulnerability Types Buffer Overflows Race Conditions TOCTOU vulnerabilities Improper System Interactions Not dropping privledge properly Insecure chroot jails File Descriptor attacks
4 Proposed Solution: Formal Proof Methods Attempt to prove the correctness of the code Requires specific knowledge of exactly what needs to be proved Downsides Can't easily apply to already written programs Expensive How do you verify the formal specification? Not in wide use
5 Proposed Solution: Fix C Fix C's Memory Management Issues Purify, Stackguard, Electric Fence, Valgrind Problems with these methods Specific to C Don't necessarily verify every execution path Don't necessarily fix the actual problem
6 Proposed Solution: Fix Standard Libraries Implement new system libraries to prevent issues Ensures future users do not fall into the same trap Example: mkstemp Problems May not work with prewritten software Change to new interface may be non-trivial
7 Proposed Solution: Change Languages Languages like Java, Perl, Python provide the memory safety that C lacks. Downsides Much infrastructure relies on C Loss of years of debugging Many projects may need the low level access C provides Other languages could still have security vulnerabilities.
8 Proposed Solution: Model Checking Benefits Explains why something is happening Can be applied to any language Can be run on pre-existing code bases Can check every execution path Generally Extensible Downsides Can not tell one that no bugs exist May generate false alarms
9 Model Checking Example: MOPS Limited model checker Doesn't check multithreaded programs Doesn't check for memory safety Can't understand inline assembler Doesn't understand variable aliasing
10 Model Checking Example: MOPS Still very useful Can detect many types of race conditions Can ensure that subtle security issues are handled properly
11 Model Checking Example: MOPS Overview Static analysis tool Pushdown model checking Simplified variable handling Simplified branch handling
12 Model Checking Example: MOPS Security Properties Checks temporal safety properties described by a Finite State Automata
13 Example of a Security FSA // The program has root privilege if ((passwd = getpwuid(getuid())!= NULL){ } fprintf(log, drop priv for %s, passwd- >pw_name); setuid(getuid()); execl( /bin/sh, /bin/sh, NULL); // risky syscall Untrusted Privledged Execution
14 Security FSA in MOPS Syntax setuid_exec.mfsa: setuid.fsa q priv f priv_exec setuid.fsa t priv priv_exec { function_call { identifier execv } { ellipses } } t priv nopriv {function_call{identifier seteuid}{function_call {identifier getuid}}} t priv_exec priv_exec { other } t nopriv priv {function_call{indentifier seteuid}{ lexical_cst 0 }}
15 Example of a Security FSA stat(logfile, &st); if (st.st_uid!= getuid()) return -1; open(logfile, O_RDWR); File Access Race Condition
16 Security FSA in MOPS Syntax file_race.mfsa access.fsa q none_passed f two_passwd access.fsa t none_passed one_passed {binary = {var x}{function_call{identifier{ open }}} t none_passed one_passed {binary = {var x}{function_call{identifier{ stat }}} t none_passed one_passed {binary = {var x}{function_call{identifier{ rename }}} t one_passed two_passed {function_call{identifier{ open }{var x}}} t one_passed two_passed {function_call{identifier{ stat }{var x}}} t one_passed two_passed {function_call{identifier{ rename }{var x}}} t one_passed one_passed {other} t two_passed two_passed {other}
17 Extending the Model Many attacks unrelated to unsafe system calls Cross Site Scripting SQL Injection
18 Example of a Security FSA Perl Code: // The server can write to the database $user_data = read_user_data(); if (user_data!= ) { $db->execute($user_data); } else { } print_error( Invalid Data ); SQL Injection
19 Viability of MOPS - Performance Performance depends on the complexity of the FSA and the amount of times the program calls the functions in the FSA Implementation in Java can run in a reasonable amount of time.
20 Viability of MOPS - Performance Performance of MOPS on the first DSA Apache 229k 0:45 BIND 279k 0:53 Samba 254k 1:53 Sendmail 222k 0:12 Performance of MOPS on the second DSA Apache 229k 0:43 BIND 279k 1:08 Samba 254k 13:14 Sendmail 222k 1:53
21 Viability of MOPS - Effectiveness Effectiveness Found 2 previously unknown issues in SSH Unsafe temp file handling Failure to drop priveledges properly Found many instances of standard file vulnerabilities At, Apache, OpenSSH, Samba and Vixie Cron
22 Other Checkers Stanford Checker Stanford Checker[DAWES] General Bug Checker Meta-Level Compilation Project from Stanford Modified GCC Doesn't use model checking
23 Other Checkers Stanford Checker Used against Linux and FreeBSD User pointers dereferenced An integer from userspace is used as an argument to a copy_*_user function or an array index Format string bugs
24 Other Checkers Static detection of buffer overflows David Larochelle and David Evans at UVA[DLDE] Extension of Split(LCLint) Uses annotations to tell the checker what the intent of the code is Produces a lot of spurious warnings until all the annotation has been done.
25 Questions?
26 References [DAWES] D. Engler, et al. Checking System Rules Using System-Specific, Programmer- Written Compiler Extensions OSDI. [DLDE] D. Larochelle and D. Evans. Statically Detecting Likely Buffer Overflow Vulnerabilities USENIX Security Symposium.
Secure Software Programming and Vulnerability Analysis
Secure Software Programming and Vulnerability Analysis Christopher Kruegel chris@auto.tuwien.ac.at http://www.auto.tuwien.ac.at/~chris Testing and Source Code Auditing Secure Software Programming 2 Overview
More informationSource Code Review Using Static Analysis Tools
Source Code Review Using Static Analysis Tools July-August 05 Author: Stavros Moiras Supervisor(s): Stefan Lüders Aimilios Tsouvelekakis CERN openlab Summer Student Report 05 Abstract Many teams at CERN,
More informationTesting for Security
Testing for Security Kenneth Ingham September 29, 2009 1 Course overview The threat that security breaches present to your products and ultimately your customer base can be significant. This course is
More informationSecuring Network Software using Static Analysis
Securing Network Software using Static Analysis Lauri Kolmonen Helsinki University of Technology lauri.kolmonen@hut.fi Abstract Writing network software is not easy and developing secure network software
More informationTOOL EVALUATION REPORT: FORTIFY
TOOL EVALUATION REPORT: FORTIFY Derek D Souza, Yoon Phil Kim, Tim Kral, Tejas Ranade, Somesh Sasalatti ABOUT THE TOOL Background The tool that we have evaluated is the Fortify Source Code Analyzer (Fortify
More informationSoftware security specification and verification
Software security specification and verification Erik Poll Security of Systems (SoS) group Radboud University Nijmegen Software (in)security specification and verification/detection Erik Poll Security
More informationA Test Suite for Basic CWE Effectiveness. Paul E. Black. paul.black@nist.gov. http://samate.nist.gov/
A Test Suite for Basic CWE Effectiveness Paul E. Black paul.black@nist.gov http://samate.nist.gov/ Static Analysis Tool Exposition (SATE V) News l We choose test cases by end of May l Tool output uploaded
More informationAccess Control Fundamentals
C H A P T E R 2 Access Control Fundamentals An access enforcement mechanism authorizes requests (e.g., system calls) from multiple subjects (e.g., users, processes, etc.) to perform operations (e.g., read,,
More informationSecure Software Development and Code Analysis Tools
Interested in learning more about security? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. Secure
More informationStatic Analysis. Find the Bug! 15-654: Analysis of Software Artifacts. Jonathan Aldrich. disable interrupts. ERROR: returning with interrupts disabled
Static Analysis 15-654: Analysis of Software Artifacts Jonathan Aldrich 1 Find the Bug! Source: Engler et al., Checking System Rules Using System-Specific, Programmer-Written Compiler Extensions, OSDI
More informationCS 356 Lecture 23 and 24 Software Security. Spring 2013
CS 356 Lecture 23 and 24 Software Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationManual vs. Automated Vulnerability Assessment: A Case Study
Manual vs. Automated Vulnerability Assessment: A Case Study James A. Kupsch and Barton P. Miller Computer Sciences Department, University of Wisconsin, Madison, WI, USA {kupsch,bart}@cs.wisc.edu Abstract.
More informationRunning a Default Vulnerability Scan
Running a Default Vulnerability Scan A Step-by-Step Guide www.saintcorporation.com Examine. Expose. Exploit. Welcome to SAINT! Congratulations on a smart choice by selecting SAINT s integrated vulnerability
More informationManual vs. Automated Vulnerability Assessment: ACaseStudy
Manual vs. Automated Vulnerability Assessment: ACaseStudy JamesA.KupschandBartonP.Miller Computer Sciences Department, University of Wisconsin, Madison, WI, USA {kupsch,bart}@cs.wisc.edu Abstract The dream
More informationSoftware security. Buffer overflow attacks SQL injections. Lecture 11 EIT060 Computer Security
Software security Buffer overflow attacks SQL injections Lecture 11 EIT060 Computer Security Buffer overflow attacks Buffer overrun is another common term Definition A condition at an interface under which
More informationLinux Kernel. Security Report
Linux Kernel Security Report September 25 Authors: Andy Chou, Bryan Fulton and Seth Hallem Coverity has combined two years of analysis work carried out in a commercial setting at Coverity with four years
More informationSoftware security assessment based on static analysis
Software security assessment based on static analysis Christèle Faure Séminaire SSI et méthodes formelles Réalisé dans le projet Baccarat cofinancé par l union européenne Context > 200 static tools for
More informationMeasuring the Effect of Code Complexity on Static Analysis Results
Measuring the Effect of Code Complexity on Static Analysis Results James Walden, Adam Messer, and Alex Kuhl Department of Computer Science Northern Kentucky University Highland Heights, KY 41099 Abstract.
More informationI Control Your Code Attack Vectors Through the Eyes of Software-based Fault Isolation. Mathias Payer, ETH Zurich
I Control Your Code Attack Vectors Through the Eyes of Software-based Fault Isolation Mathias Payer, ETH Zurich Motivation Applications often vulnerable to security exploits Solution: restrict application
More informationRunning a Default Vulnerability Scan SAINTcorporation.com
SAINT Running a Default Vulnerability Scan A Step-by-Step Guide www.saintcorporation.com Examine. Expose. Exploit. Install SAINT Welcome to SAINT! Congratulations on a smart choice by selecting SAINT s
More informationFully Automated Static Analysis of Fedora Packages
Fully Automated Static Analysis of Fedora Packages Red Hat Kamil Dudka August 9th, 2014 Abstract There are static analysis tools (such as Clang or Cppcheck) that are able to find bugs in Fedora packages
More informationCHAPTER 5 INTELLIGENT TECHNIQUES TO PREVENT SQL INJECTION ATTACKS
66 CHAPTER 5 INTELLIGENT TECHNIQUES TO PREVENT SQL INJECTION ATTACKS 5.1 INTRODUCTION In this research work, two new techniques have been proposed for addressing the problem of SQL injection attacks, one
More informationThe Hacker Strategy. Dave Aitel dave@immunityinc.com. Security Research
1 The Hacker Strategy Dave Aitel dave@immunityinc.com Security Research Who am I? CTO, Immunity Inc. History: NSA->@stake -> Immunity Responsible for new product development Vulnerability Sharing Club
More informationSet-UID Privileged Programs
Lecture Notes (Syracuse University) Set-UID Privileged Programs: 1 Set-UID Privileged Programs The main focus of this lecture is to discuss privileged programs, why they are needed, how they work, and
More informationDEVELOPING SECURE SOFTWARE
DEVELOPING SECURE SOFTWARE A FOUNDATION FOR CLOUD AND IOT SECURITY Eric Baize @ericbaize Senior Director, Product Security Office EMC Corporation Chairman of SAFECode CSA EMEA Congress November 2015 1
More informationSecure Programming and Source-Code Reviews - In the UNIX Environment. Thomas Biege <thomas@suse.de>
Secure Programming and Source-Code Reviews - In the UNIX Environment Thomas Biege What will I talk about? Application Design Programming Errors Cryptography and Randomness Secure Socket
More informationUnix Security Technologies. Pete Markowsky <peterm[at] ccs.neu.edu>
Unix Security Technologies Pete Markowsky What is this about? The goal of this CPU/SWS are: Introduce you to classic vulnerabilities Get you to understand security advisories Make
More informationSemantic Analysis: Types and Type Checking
Semantic Analysis Semantic Analysis: Types and Type Checking CS 471 October 10, 2007 Source code Lexical Analysis tokens Syntactic Analysis AST Semantic Analysis AST Intermediate Code Gen lexical errors
More informationBuilding accurate intrusion detection systems. Diego Zamboni Global Security Analysis Lab IBM Zürich Research Laboratory
Building accurate intrusion detection systems Diego Zamboni Global Security Analysis Lab IBM Zürich Research Laboratory Outline Brief introduction to intrusion detection The MAFTIA project Accurate intrusion
More informationWeb Security CS25010. 20th November 2012. 2012, Jonathan Francis Roscoe, jjr6@aber.ac.uk Department of Computer Science, Aberystwyth University
Web Security CS25010 20th November 2012 Session Errors Some people are having errors creating sessions: Warning: session_start() [function.session-start]: open(/var/php_sessions/sess_d7hag76hgsfh2bjuhmdamb974,
More informationImproving Software Security at the. Source
Improving Software Security at the Source Greg Snyder Privacy & Security RIT January 28, 2006 Abstract While computer security has become a major focus of information technology professionals due to patching
More informationAutomatic Extraction of Accurate Application-Specific Sandboxing Policy
Automatic Extraction of Accurate Application-Specific Sandboxing Policy Lap-chung Lam and Tzi-cker Chiueh Rether Networks, Inc. 99 Mark Tree RD Suite 301, Centereach NY 11720, USA lclam@cs.sunysb.edu http://www.rether.com
More informationX05. An Overview of Source Code Scanning Tools. Loulwa Salem. Las Vegas, NV. IBM Corporation 2006. IBM System p, AIX 5L & Linux Technical University
X05 An Overview of Source Code Scanning Tools Loulwa Salem Las Vegas, NV Objectives This session will introduce better coding practices and tools available to aid developers in producing more secure code.
More informationKernel Intrusion Detection System
Kernel Intrusion Detection System Rodrigo Rubira Branco rodrigo@kernelhacking.com rodrigo@risesecurity.org Monica's Team!! Brazilian famous H.Q. story Amazon Forest Yeah, Brazilian country! Soccer Brazilian
More informationHomeland Security Red Teaming
Homeland Security Red Teaming Directs intergovernmental coordination Specifies Red Teaming Viewing systems from the perspective of a potential adversary Target hardening Looking for weakness in existing
More information(General purpose) Program security. What does it mean for a pgm to be secure? Depends whom you ask. Takes a long time to break its security controls.
(General purpose) Program security These ideas apply also to OS and DB. Read Chapter 3. What does it mean for a pgm to be secure? Depends whom you ask. Takes a long time to break its security controls.
More informationIntrusion Detection via Static Analysis
Intrusion Detection via Static Analysis IEEE Symposium on Security & Privacy 01 David Wagner Drew Dean Presented by Yongjian Hu Outline Introduction Motivation Models Trivial model Callgraph model Abstract
More informationD. Best Practices D.1. Assurance The 5 th A
Best Practices I&C School Prof. P. Janson September 2014 D. Best Practices D.1. Assurance The 5 th A 1 of 20 IT systems are insecure for two main reasons: People are fallible and systems are complex and
More informationConfining the Apache Web Server with Security-Enhanced Linux
Confining the Apache Web Server with Security-Enhanced Linux Michelle J. Gosselin, Jennifer Schommer mgoss@mitre.org, jschommer@mitre.org Keywords: Operating System Security, Web Server Security, Access
More informationSSL Tunnels. Introduction
SSL Tunnels Introduction As you probably know, SSL protects data communications by encrypting all data exchanged between a client and a server using cryptographic algorithms. This makes it very difficult,
More informationSecure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda
Secure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda 1. Introductions for new members (5 minutes) 2. Name of group 3. Current
More informationA Practical Guide to Vulnerability Checkers
A Practical Guide to Vulnerability Checkers Secologic Project Written by: Martin Johns University of Hamburg / Security in Distributed Systems johns AT informatik.uni-hamburg.de 2006 This work was supported
More informationCreating Stronger, Safer, Web Facing Code. JPL IT Security Mary Rivera June 17, 2011
Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011 Agenda Evolving Threats Operating System Application User Generated Content JPL s Application Security Program Securing
More informationSystem Security Fundamentals
System Security Fundamentals Alessandro Barenghi Dipartimento di Elettronica, Informazione e Bioingegneria Politecnico di Milano alessandro.barenghi - at - polimi.it April 28, 2015 Lesson contents Overview
More informationEvaluation of Penetration Testing Software. Research
Evaluation of Penetration Testing Software Research Penetration testing is an evaluation of system security by simulating a malicious attack, which, at the most fundamental level, consists of an intellectual
More informationVisualizing Information Flow through C Programs
Visualizing Information Flow through C Programs Joe Hurd, Aaron Tomb and David Burke Galois, Inc. {joe,atomb,davidb}@galois.com Systems Software Verification Workshop 7 October 2010 Joe Hurd, Aaron Tomb
More information1. Introduction. 2. Web Application. 3. Components. 4. Common Vulnerabilities. 5. Improving security in Web applications
1. Introduction 2. Web Application 3. Components 4. Common Vulnerabilities 5. Improving security in Web applications 2 What does World Wide Web security mean? Webmasters=> confidence that their site won
More informationSecurity Certification of Third- Parties Applications
Security Certification of Third- Parties Applications Stanislav Dashevskyi dashevskyi@fbk.eu Advisors: Fabio Massacci, Antonino Sabetta Agenda Introduction Third-party code in web applications Third-party
More informationSecurity Vulnerabilities in Open Source Java Libraries. Patrycja Wegrzynowicz CTO, Yonita, Inc.
Security Vulnerabilities in Open Source Java Libraries Patrycja Wegrzynowicz CTO, Yonita, Inc. About Me Programmer at heart Researcher in mind Speaker with passion Entrepreneur by need @yonlabs Agenda
More informationSecurity report on OpenEMR, case study: demo.merdiportal.gr
Security report on OpenEMR, case study: demo.merdiportal.gr During the second half of May 2012, we asked the OWASP team of the Technical Educational Institute of Larisa, to conduct a series of vulnerability
More informationCSE543 - Introduction to Computer and Network Security. Module: Operating System Security
CSE543 - Introduction to Computer and Network Security Module: Operating System Security Professor Trent Jaeger 1 OS Security So, you have built an operating system that enables user-space processes to
More informationSQL INJECTION ATTACKS By Zelinski Radu, Technical University of Moldova
SQL INJECTION ATTACKS By Zelinski Radu, Technical University of Moldova Where someone is building a Web application, often he need to use databases to store information, or to manage user accounts. And
More informationReal World Software Assurance Test Suite: STONESOUP
Real World Software Assurance Test Suite: STONESOUP Charles Oliveira/SAMATE Guest Researcher at Software and Systems Division, IT Laboratory NIST Outline - Introduction STONESOUP
More informationImplementation of Web Application Firewall
Implementation of Web Application Firewall OuTian 1 Introduction Abstract Web 層 應 用 程 式 之 攻 擊 日 趨 嚴 重, 而 國 內 多 數 企 業 仍 不 知 該 如 何 以 資 安 設 備 阻 擋, 仍 在 採 購 傳 統 的 Firewall/IPS,
More informationDetecting Software Vulnerabilities Static Taint Analysis
Vérimag - Distributed and Complex System Group Universitatea Politehnica București Detecting Software Vulnerabilities Static Taint Analysis Dumitru CEARĂ Supervisors Marie-Laure POTET, Ph.D, ENSIMAG, Grenoble
More informationSummary of the SEED Labs For Authors and Publishers
SEED Document 1 Summary of the SEED Labs For Authors and Publishers Wenliang Du, Syracuse University To help authors reference our SEED labs in their textbooks, we have created this document, which provides
More informationCIS 551 / TCOM 401 Computer and Network Security
CIS 551 / TCOM 401 Computer and Network Security Spring 2007 Lecture 3 1/18/07 CIS/TCOM 551 1 Announcements Email project groups to Jeff (vaughan2 AT seas.upenn.edu) by Jan. 25 Start your projects early!
More informationAutomating Mimicry Attacks Using Static Binary Analysis
Automating Mimicry Attacks Using Static Binary Analysis Christopher Kruegel and Engin Kirda Technical University Vienna chris@auto.tuwien.ac.at, engin@infosys.tuwien.ac.at Darren Mutz, William Robertson,
More informationIntegrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com
SAINT Integrated Network Vulnerability Scanning and Penetration Testing www.saintcorporation.com Introduction While network vulnerability scanning is an important tool in proactive network security, penetration
More informationWhat Every (Software) Engineer Needs To Know About Security. -- and -- Where To Learn It
What Every (Software) Engineer Needs To Know About Security -- and -- Where To Learn It Neil Daswani http://www.neildaswani.com http://www.learnsecurity.com Is the sky falling? (yet?) TJX (March 2007)
More informationThe C Programming Language course syllabus associate level
TECHNOLOGIES The C Programming Language course syllabus associate level Course description The course fully covers the basics of programming in the C programming language and demonstrates fundamental programming
More informationNetworking Security - 15 New Computer Worms Broken
Reuters, 2004.11.09: Worm breaks speed record from discovery to life A new computer worm emerged on Tuesday which broke the speed record from the announcement of a security vulnerability in Microsoft s
More informationBug hunting. Vulnerability finding methods in Windows 32 environments compared. FX of Phenoelit
Bug hunting Vulnerability finding methods in Windows 32 environments compared FX of Phenoelit The goal: 0day What we are looking for: Handles network side input Runs on a remote system Is complex enough
More informationSecurity Testing OpenGGSN: a Case Study
Security Testing OpenGGSN: a Case Study Esa Tikkala, Mikko Rapeli, Kaarina Karppinen, Hannu Honkanen VTT Technical Research Centre of Finland, Oulu, Finland Abstract As systems today are more and more
More informationA Comparative Study of Industrial Static Analysis Tools (Extended Version)
Technical reports in Computer and Information Science Report number 2008:3 A Comparative Study of Industrial Static Analysis Tools (Extended Version) by Pär Emanuelsson and Ulf Nilsson par.emanuelsson@ericsson.com,
More informationOracle Solaris Studio Code Analyzer
Oracle Solaris Studio Code Analyzer The Oracle Solaris Studio Code Analyzer ensures application reliability and security by detecting application vulnerabilities, including memory leaks and memory access
More informationHow to Sandbox IIS Automatically without 0 False Positive and Negative
How to Sandbox IIS Automatically without 0 False Positive and Negative Professor Tzi-cker Chiueh Computer Science Department Stony Brook University chiueh@cs.sunysb.edu 2/8/06 Blackhat Federal 2006 1 Big
More informationCIS433/533 - Computer and Network Security Operating System Security
CIS433/533 - Computer and Network Security Operating System Security Professor Kevin Butler Winter 2010 Computer and Information Science OS Security An secure OS should provide (at least) the following
More informationSoftware Security Analysis - Execution Phase Audit
Software Security Analysis - Execution Phase Audit Bengt Carlsson * and Dejan Baca # * School of Engineering, Blekinge Institute of Technology ; PO Box 520, S-372 25 Ronneby, SWEDEN; bengt.carlsson;@bth.se
More informationCritical Systems Validation. Objectives
Critical Systems Validation Ian Sommerville 2006 Software Engineering, 8th edition. Chapter 24 Slide 1 Objectives To explain how system reliability can be measured and how reliability growth models can
More informationWeb Application Report
Web Application Report This report includes important security information about your Web Application. Security Report This report was created by IBM Rational AppScan 8.5.0.1 11/14/2012 8:52:13 AM 11/14/2012
More informationIntro DNS, security problems SPARK IRONSIDES Experimental results (previous, new) Lessons in humility Hitting the sweet spot Conclusions, future work
Intro DNS, security problems SPARK IRONSIDES Experimental results (previous, new) Lessons in humility Hitting the sweet spot Conclusions, future work DNS (internet Domain Name System) is the protocol for
More informationSecurity types to the rescue
Security types to the rescue p. 1 Security types to the rescue David Wagner and Rob Johnson {daw,rtjohnso}@cs.berkeley.edu University of California, Berkeley Security types to the rescue p. 2 Problem statement
More informationTop 10 Web Application Security Vulnerabilities - with focus on PHP
Top 10 Web Application Security Vulnerabilities - with focus on PHP Louise Berthilson Alberto Escudero Pascual 1 Resources The Top 10 Project by OWASP www.owasp.org/index.php/owasp_top_ten_project
More informationPrecise XSS Detection with Static Analysis using String Analysis
Eindhoven University of Technology Department of Mathematics and Computing Science Precise XSS Detection with Static Analysis using String Analysis By Henri Hambartsumyan Thesis submitted in partial fulfilment
More informationCommon Errors in C/C++ Code and Static Analysis
Common Errors in C/C++ Code and Static Analysis Red Hat Ondřej Vašík and Kamil Dudka 2011-02-17 Abstract Overview of common programming mistakes in the C/C++ code, and comparison of a few available static
More informationThreat Modeling. Frank Piessens (Frank.Piessens@cs.kuleuven.be ) KATHOLIEKE UNIVERSITEIT LEUVEN
Threat Modeling Frank Piessens (Frank.Piessens@cs.kuleuven.be ) Secappdev 2007 1 Overview Introduction Key Concepts Threats, Vulnerabilities, Countermeasures Example Microsoft s Threat Modeling Process
More informationDatabase Security Guide
Institutional and Sector Modernisation Facility ICT Standards Database Security Guide Document number: ISMF-ICT/3.03 - ICT Security/MISP/SD/DBSec Version: 1.10 Project Funded by the European Union 1 Document
More informationIntrusion detection for web applications
Intrusion detection for web applications Intrusion detection for web applications Łukasz Pilorz Application Security Team, Allegro.pl Reasons for using IDS solutions known weaknesses and vulnerabilities
More informationBraindumps.C2150-810.50 questions
Braindumps.C2150-810.50 questions Number: C2150-810 Passing Score: 800 Time Limit: 120 min File Version: 5.3 http://www.gratisexam.com/ -810 IBM Security AppScan Source Edition Implementation This is the
More informationLegal notices. Legal notices. For legal notices, see http://help.adobe.com/en_us/legalnotices/index.html.
ADOBE AIR Security Legal notices Legal notices For legal notices, see http://help.adobe.com/en_us/legalnotices/index.html. iii Contents Installing and updating desktop applications...........................................................................
More informationThe Advantages of Block-Based Protocol Analysis for Security Testing
The Advantages of Block-Based Protocol Analysis for Security Testing Dave Aitel Immunity,Inc. 111 E. 7 th St. Suite 64, NY NY 10009, USA dave@immunitysec.com February, 4 2002 Abstract. This paper describes
More informationCIS 551 / TCOM 401 Computer and Network Security. Spring 2005 Lecture 4
CIS 551 / TCOM 401 Computer and Network Security Spring 2005 Lecture 4 Access Control: The Big Picture Objects - resources being protected E.g. files, devices, etc. Subjects - active entities E.g. processes,
More informationStatic vs. Dynamic Testing How Static Analysis and Run-Time Testing Can Work Together. Outline
Static vs. Dynamic Testing How Static Analysis and Run-Time Testing Can Work Together S. Tucker Taft and Brian Lesuer SQGNE December 2006 Outline The Challenges Facing Software Testing A Software Testing
More informationSource Code Security Analysis Tool Functional Specification Version 1.0
Special Publication 500-268 Source Code Security Analysis Tool Functional Specification Version 1.0 Paul E. Black Michael Kass Michael Koo Software Diagnostics and Conformance Testing Division Information
More informationBypassing Memory Protections: The Future of Exploitation
Bypassing Memory Protections: The Future of Exploitation Alexander Sotirov alex@sotirov.net About me Exploit development since 1999 Research into reliable exploitation techniques: Heap Feng Shui in JavaScript
More informationCSE 373: Data Structure & Algorithms Lecture 25: Programming Languages. Nicki Dell Spring 2014
CSE 373: Data Structure & Algorithms Lecture 25: Programming Languages Nicki Dell Spring 2014 What is a Programming Language? A set of symbols and associated tools that translate (if necessary) collections
More informationCMSC 421, Operating Systems. Fall 2008. Security. URL: http://www.csee.umbc.edu/~kalpakis/courses/421. Dr. Kalpakis
CMSC 421, Operating Systems. Fall 2008 Security Dr. Kalpakis URL: http://www.csee.umbc.edu/~kalpakis/courses/421 Outline The Security Problem Authentication Program Threats System Threats Securing Systems
More informationTransparent Monitoring of a Process Self in a Virtual Environment
Transparent Monitoring of a Process Self in a Virtual Environment PhD Lunchtime Seminar Università di Pisa 24 Giugno 2008 Outline Background Process Self Attacks Against the Self Dynamic and Static Analysis
More informationPerl In Secure Web Development
Perl In Secure Web Development Jonathan Worthington (jonathan@jwcs.net) August 31, 2005 Perl is used extensively today to build server side web applications. Using the vast array of modules on CPAN, one
More informationApplication Security: Web service and E-Mail
Application Security: Web service and E-Mail (April 11, 2011) Abdou Illia Spring 2011 Learning Objectives Discuss general Application security Discuss Webservice/E-Commerce security Discuss E-Mail security
More informationAutomating Security Testing. Mark Fallon Senior Release Manager Oracle
Automating Security Testing Mark Fallon Senior Release Manager Oracle Some Ground Rules There are no silver bullets You can not test security into a product Testing however, can help discover a large percentage
More informationCS 155 Final Exam. CS 155: Spring 2013 June 11, 2013
CS 155: Spring 2013 June 11, 2013 CS 155 Final Exam This exam is open book and open notes. You may use course notes and documents that you have stored on a laptop, but you may NOT use the network connection
More informationCompilers. Introduction to Compilers. Lecture 1. Spring term. Mick O Donnell: michael.odonnell@uam.es Alfonso Ortega: alfonso.ortega@uam.
Compilers Spring term Mick O Donnell: michael.odonnell@uam.es Alfonso Ortega: alfonso.ortega@uam.es Lecture 1 to Compilers 1 Topic 1: What is a Compiler? 3 What is a Compiler? A compiler is a computer
More informationstatic void insecure (localhost *unix)
static void insecure (localhost *unix) Eric Pancer epancer@infosec.depaul.edu Information Security Team DePaul University http://infosec.depaul.edu Securing UNIX Hosts from Local Attack p.1/32 Overview
More informationComputer Software Bugs and Other IT Threats to Critical Infrastructure: A Preliminary Set of Considerations for IT Governance
Computer Software Bugs and Other IT Threats to Critical Infrastructure: A Preliminary Set of Considerations for IT Governance Presentation for the Seventh European Academic Conference on Internal Audit
More informationProgramming Flaws and How to Fix Them
19 ö Programming Flaws and How to Fix Them MICHAEL HOWARD DAVID LEBLANC JOHN VIEGA McGraw-Hill /Osborne New York Chicago San Francisco Lisbon London Madrid Mexico City- Milan New Delhi San Juan Seoul Singapore
More informationHow to Design a System Model and Determine Unwanted Calls
Automated Discovery of Mimicry Attacks Jonathon T. Giffin, Somesh Jha, and Barton P. Miller Computer Sciences Department, University of Wisconsin {giffin,jha,bart}@cs.wisc.edu Abstract. Model-based anomaly
More informationChapter 3.2 C++, Java, and Scripting Languages. The major programming languages used in game development.
Chapter 3.2 C++, Java, and Scripting Languages The major programming languages used in game development. C++ C used to be the most popular language for games Today, C++ is the language of choice for game
More information