Secure programming

:\Program Files\Debugging Tools for Windows (x86)\dbgeng.dll'.

  • set the proper path to WinDbg (e.g., c:\Program Files (x86)\Debugging Tools for Windows\) in the Peach Pit file
  • <Param name="WinDbgPath" value="c:\Program Files (x86)\Debugging Tools for Windows\" />
  • Example output for new students:
    • High-level metrics: platform…
    • Iterative process, highlight to students
    • Platform supported
    • Properties from Andrii
    • IDE integration vs. standalone / server-based tool
  • Coverity experience
  • 3 bc theses
    • Use OWASP tools, test against vulnerable apps, evaluate
    • Implement personalized testing scenarios inside a given framework (The Web Application Hacker's Handbook scenarios)
      • multiple scenarios, every week demonstration of progress
    • Vulnerability scanners - Nessus, Metasploit…
  • Metrics (OWASP Top 10)

  A1 Injection
  A2 Broken Authentication and Session Management
  A3 Cross-Site Scripting (XSS)
  A4 Insecure Direct Object References
  A5 Security Misconfiguration
  A6 Sensitive Data Exposure
  A7 Missing Function Level Access Control
  A8 Cross-Site Request Forgery (CSRF)
  A9 Using Components with Known Vulnerabilities
  A10 Unvalidated Redirects and Forwards