Source Code Security Auditing and Vulnerabilities
W. Owen Redwood, Ph.D.
Offensive Computer Security 2.0
http://hackallthethings.com/
Outline of talk
● Intro
● CVE
● CCE
● CWE
● Strategy
● Common programming errors/bugs
● Source code auditing
Software Security Resources
See the:
● Common Vulnerabilities and Exposures
http://cve.mitre.org/
● Common Weakness Enumeration
http://cwe.mitre.org/
● Seven kingdoms of weaknesses Taxonomy
http://cwe.mitre.org/documents/sources/SevenPerniciousKingdomsTaxonomyGraphic.pdf
● Common Configuration Enumeration
http://cce.mitre.org/
National Vulnerability Database
http://nvd.nist.gov/home.cfm
an example:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0861
CVEs (Common Vulnerabilities and Exposures)
● list of information security vulnerabilities that aims to provide common names for publicly known problems
● Goal is to make it easier to spread/share data
  ○ in house, between divisions, companies, researchers, etc.
  ○ across vulnerability databases
● Run by MITRE
● *should be taught in all software engineering classes....*