refs - Week 6 February 20 : Exec calls, Trust Boundaries...

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
CS 390S: Secure Programming Slides will be posted on the same day as the class. January 9 Topics: Definitions of vulnerabilities, attacks, exploits, exposures, flaws Need for secure programming MITRE: CVE, CWE, OVAL, CCE NIST: NVD (National Vulnerability Database), NIST guides NIST CVSS (Common Vulnerability Scoring System) CERT, US-CERT Week 1 (pdf) Classes of Vulnerabilities and Attacks (Pascal Meunier) Wiley Handbook of Science and Technology for Homeland Security (distributed in class, or by email). You should read the first 4 pages this week and be done reading it by the mid-term. January 16 Week 2 (pdf) January 23 : Buffer Overflows Week 3, version 2 with clipped text fixed (pdf) January 30 : Buffer Overflows, part 2 Week 4 February 6 : Integer Overflows, Format String Vulnerabilities Week 5 February 13 : Shells and Environment
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Background image of page 2
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: Week 6 February 20 : Exec calls, Trust Boundaries Week 7, v2 (v2 changes: reworked the "exec" and "file descriptors" slides) February 27 : Mid-term Does not include material seen on February 20. Remember, taking the mid-term is mandatory for a passing grade. .. March 5 : Meta-character vulnerabilities and code injection Week 9 March 12 : Spring Break March 19 : Web Applications Week 11 Domain Security JavaScript Injection (a.k.a. XSS, Cross-site scripting vulnerabilities) March 26 : Race Conditions Week 12 April 2 : File System Issues: Links, Directory Crawls, and Race Conditions Week 13 (abridged version so we can catch up) April 9 : Randomness and Canonicalization Week 14 April 16 : Last Exam April 23 : Solution to last exam, grades, discussions Remember, there is no final, regardless of whether a final is scheduled by Purdue. Spring 2007 web site...
View Full Document

Page1 / 2

refs - Week 6 February 20 : Exec calls, Trust Boundaries...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online