Comparison of revisions: public:secureprogramming [2014-09-11 13:55] petrs vs. public:research:secprog:secureprogramming [2015-10-21 10:56] petrs (edited section: Vulnerable app / distro / hackme challenges)
Line 2: Line 2:
  
   * 19 deadly sins of software programming (Howard), examples, list of reasonably fresh real examples: http://www.math.uaa.alaska.edu/~afkjm/cs470/handouts/SecuritySins.pdf   * 19 deadly sins of software programming (Howard), examples, list of reasonably fresh real examples: http://www.math.uaa.alaska.edu/~afkjm/cs470/handouts/SecuritySins.pdf
 +  * Mozilla secure coding guidelines: https://developer.mozilla.org/en-US/docs/Secure_Development_Guidelines
 +
  
 ===== Security programming courses ===== ===== Security programming courses =====
Line 81: Line 83:
     * Run cmd with Administrator privileges     * Run cmd with Administrator privileges
       * peach configuration.xml       * peach configuration.xml
 +    * Run Peach in agent mode: //peach -a tcp//
 +      * ERROR: Error, could not load platform assembly 'Peach.Core.OS.Windows.dll' The assembly is part of the Internet Security Zone and loading has been blocked.
 +      * Solution: https://forums.peachfuzzer.com/showthread.php?198-Could-not-load-platform-assembly-Peach-Core-OS-Windows-dll
 +    * ERROR: Could not start monitor "WindowsDebugger" Could not find a part of the path 'C
 +:\Program Files\Debugging Tools for Windows (x86)\dbgeng.dll'.
 +      * set proper path to WinDbg (e.g., c:\Program Files (x86)\Debugging Tools for Windows\) in peach pit file
 +      * <Param name="WinDbgPath" value="c:\Program Files (x86)\Debugging Tools for Windows\" />
 +
 +
  
 ===== Notes ===== ===== Notes =====
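Review bot: the "Internet Security Zone" entry records only a forum URL as the solution; write the fix itself into the note so it survives the forum link going dead. That message means Windows refused to load the DLL because the downloaded Peach archive carried the mark-of-the-web (the Zone.Identifier stream), so the fix is to unblock the archive before extracting it (file Properties > Unblock, or `Unblock-File` in PowerShell) or to unblock the already extracted DLLs. Two smaller points in the same hunk: the WindowsDebugger error text is broken across two lines after `'C`, so the path should be rejoined onto one line, and the WinDbgPath entry should state that the value must be the directory that actually contains dbgeng.dll for the WinDbg installed on that machine (the "Debugging Tools for Windows (x86)" path in the error is only Peach's default, and here differs from the real install location), otherwise the same error recurs.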
Line 90: Line 101:
     * Properties from Andrii     * Properties from Andrii
     * IDE integration vs. standalone / server-based tool     * IDE integration vs. standalone / server-based tool
-  * Miro - Coverity experience+  * Coverity experience
   * 3 bc theses   * 3 bc theses
     * Use owasp tools, test against vulnerable apps, evaluate     * Use owasp tools, test against vulnerable apps, evaluate
     * Implement personalized testing scenarios inside given framework (he Web Application Hacker's Handbook scenarios)     * Implement personalized testing scenarios inside given framework (he Web Application Hacker's Handbook scenarios)
       * multiple scenarios, every week demonstration of progress       * multiple scenarios, every week demonstration of progress
-  +    Vulnerability scanners - Nessus, Metasploit...
   * Metrics (owasp top 10)   * Metrics (owasp top 10)
    
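Review bot: the added line "Vulnerability scanners - Nessus, Metasploit..." lacks the "* " list marker that every neighbouring item carries, so DokuWiki will not render it as a bullet; it should read "  * Vulnerability scanners - Nessus, Metasploit...". Also, Metasploit is an exploitation framework rather than a vulnerability scanner (its scanning is limited to auxiliary modules), so either list it under a separate "exploitation frameworks" item or widen the label to "vulnerability scanners / exploitation frameworks". Dropping "Miro - " from the Coverity line removes the person who reported that experience; keep the name if the item is still an assignment.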
Line 162: Line 173:
     * TRY     * TRY
   * [2013] OWASP Security Shepherd https://www.owasp.org/index.php/OWASP_Security_Shepherd   * [2013] OWASP Security Shepherd https://www.owasp.org/index.php/OWASP_Security_Shepherd
-    * TRY+    * TRY, https://github.com/Hackademic/hackademic/
     * security teaching application, CTF     * security teaching application, CTF
 +  * [2015] Samurai Web Testing Framework http://samurai.inguardians.com/
 +    * preinstalled Mutillidae,  
  
 ==== Security-supporting library ==== ==== Security-supporting library ====
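Review bot: the URL appended to the OWASP Security Shepherd item, https://github.com/Hackademic/hackademic/, is the repository of OWASP Hackademic Challenges, a different project, so it should become its own "[year] OWASP Hackademic Challenges" entry instead of being attached to Security Shepherd's TRY line, where a reader will take it for the Shepherd source. In the new Samurai Web Testing Framework item, "preinstalled Mutillidae," ends with a dangling comma as if further preinstalled targets were to follow; either complete that list or drop the comma.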
Line 176: Line 189:
   * [2014] JSON Sanitizer Project https://www.owasp.org/index.php/OWASP_JSON_Sanitizer    * [2014] JSON Sanitizer Project https://www.owasp.org/index.php/OWASP_JSON_Sanitizer 
     * Given JSON-like content, convert it to valid JSON. Java library     * Given JSON-like content, convert it to valid JSON. Java library
 +  * [2015] Several Java web applications and command line applications covering different security topics: https://github.com/dschadow/JavaSecurity
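Review bot: the new dschadow/JavaSecurity entry describes sample web and command-line applications covering security topics, not a library, so under the "Security-supporting library" heading it reads as miscategorized; the "Vulnerable app / distro / hackme challenges" list edited earlier in this diff, or a separate "sample applications" sub-list, is the better home. If it stays here, say what the samples demonstrate so the item is distinguishable from the actual libraries around it.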