Secure Software Development - Building Secure Software - Lecture Slides, Slides of Software Engineering

Some concepts of Building Secure Software covered are Anti-Phishing Software, Architectural Risk Analysis, Awareness and Training, Buffer Overflows, Wikipedia, Building Secure Software, Command Injection, and Independence in Multiversion Programming. The main points of this lecture are: Secure Software Development, Related Work, Buffer Overruns, Format String Problems, Integer Overflows, Injection, Handle Errors, Cross-Site Scripting, Information Leakage, and Improper File Access.

Typology: Slides

2012/2013

Uploaded on 04/26/2013

sharad_984

Secure Software Development

Project – Final Report

  • Project Final Report
    – Electronic submission: April 25, 5:00 pm
    – Hard copy: April 25, 2010 5:30 pm

FINAL EXAM

Reading

  • McGraw: Software Security: Chapters 1 – 9, 12
  • 19 Deadly Sins:
    1. Chapter 1: Buffer overruns
    2. Chapter 2: Format string problems
    3. Chapter 3: Integer overflows
    4. Chapter 4: SQL injection
    5. Chapter 6: Failure to handle errors
    6. Chapter 7: Cross-site scripting
    7. Chapter 13: Information leakage
    8. Chapter 14: Improper file access

19 Deadly Sins

  • Overview of the sin
  • Affected languages
  • Overview of the sin, at the level of the presentations, focusing on the textbook
  • How to detect?
  • Best practices

Sample Questions – 19 Deadly Sins

  • Explain why casting operations may lead to integer overflows.
  • Why is it dangerous to use “gets” to read input in C/C++ code? Recommend an alternative.
  • What is the difference between attack patterns and a taxonomy of programming errors?
  • Indirect information flow may be created by inferences. Give an example of an unauthorized inference that cannot be controlled using traditional access control.
  • Show example code for SQL injection. Explain the security problem.
  • Why does a failed Windows impersonation create a security problem if not handled properly?
  • Show the binary representations of the decimal numbers +70 and +80. Show their addition using an 8-bit register.
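A worked version of the first and last questions (casting and the 8-bit addition of +70 and +80), written as an added C example that is not part of the lecture slides: it prints each operand's bit pattern, computes the sum the way an 8-bit two's-complement register would, and separately flags that the true sum does not fit. The function names and the narrowing helper are my own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Render v as an 8-character binary string (the bit pattern of one byte).
   A static buffer is used so callers need not manage storage. */
static const char *to_bin8(uint8_t v) {
    static char buf[9];
    for (int i = 0; i < 8; i++)
        buf[i] = (v >> (7 - i)) & 1 ? '1' : '0';
    buf[8] = '\0';
    return buf;
}

/* 1 if the mathematical sum a + b does not fit in a signed 8-bit register. */
static int add8_overflows(int8_t a, int8_t b) {
    int wide = (int)a + (int)b;        /* exact sum; int is wide enough */
    return wide > INT8_MAX || wide < INT8_MIN;
}

/* The value an 8-bit two's-complement register holds after a + b.
   The narrowing is done explicitly via the low byte so the wrap-around is
   well defined rather than an implementation-defined int -> int8_t cast. */
static int8_t add8_register(int8_t a, int8_t b) {
    uint8_t low = (uint8_t)((int)a + (int)b);   /* keep the low 8 bits */
    return low >= 128 ? (int8_t)(low - 256) : (int8_t)low;
}

int main(void) {
    int8_t a = 70, b = 80;                      /* operands from the sample question */
    int8_t s = add8_register(a, b);
    printf(" %4d = %s\n", a, to_bin8((uint8_t)a));
    printf("+%4d = %s\n", b, to_bin8((uint8_t)b));
    printf("=%4d = %s  (unsigned view %u, overflow=%d)\n",
           s, to_bin8((uint8_t)s), (unsigned)(uint8_t)s, add8_overflows(a, b));
    return 0;
}
```

The register ends up holding 1001 0110, which a signed interpretation reads as -106 while an unsigned one reads as 150, which is exactly the discrepancy a signed/unsigned cast exposes.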