Differences
public:secureprogramming [2014-09-11 13:55] – petrs | public:research:secprog:secureprogramming [2016-12-01 13:28] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 2: | Line 2: | ||
* 19 deadly sins of software programming (Howard), examples, list of reasonably fresh real examples: http:// | * 19 deadly sins of software programming (Howard), examples, list of reasonably fresh real examples: http:// | ||
+ | * Mozilla secure coding guidelines: https:// | ||
+ | |||
===== Security programming courses ===== | ===== Security programming courses ===== | ||
Line 81: | Line 83: | ||
* Run cmd with Administrator privileges | * Run cmd with Administrator privileges | ||
* peach configuration.xml | * peach configuration.xml | ||
+ | * Run Peach in agent mode: //peach -a tcp// | ||
+ | * ERROR: Error, could not load platform assembly ' | ||
+ | * Solution: https:// | ||
+ | * ERROR: Could not start monitor " | ||
+ | :\Program Files\Debugging Tools for Windows (x86)\dbgeng.dll' | ||
+ | * set proper path to WinDbg (e.g., c:\Program Files (x86)\Debugging Tools for Windows\) in peach pit file | ||
+ | * <Param name=" | ||
+ | |||
+ | |||
===== Notes ===== | ===== Notes ===== | ||
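Review bot: the pit-file fix at the end of this hunk is cut off after `<Param name="`, so the parameter name and the value it should carry are missing; give the complete `<Param name="..." value="..."/>` line so the fix can be applied as written. The two WinDbg paths in the hunk also do not agree: the error reports dbgeng.dll missing under `C:\Program Files\Debugging Tools for Windows (x86)\`, while the suggested setting is `c:\Program Files (x86)\Debugging Tools for Windows\`; state which installation (32- or 64-bit) the WindowsDebugger monitor expects so readers point the pit file at the matching one.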
Line 90: | Line 101: | ||
* Properties from Andrii | * Properties from Andrii | ||
* IDE integration vs. standalone / server-based tool | * IDE integration vs. standalone / server-based tool | ||
- | * Miro - Coverity experience | + | * Coverity experience |
* 3 bc theses | * 3 bc theses | ||
* Use owasp tools, test against vulnerable apps, evaluate | * Use owasp tools, test against vulnerable apps, evaluate | ||
* Implement personalized testing scenarios inside given framework (he Web Application Hacker' | * Implement personalized testing scenarios inside given framework (he Web Application Hacker' | ||
* multiple scenarios, every week demonstration of progress | * multiple scenarios, every week demonstration of progress | ||
- | | + | |
* Metrics (owasp top 10) | * Metrics (owasp top 10) | ||
Line 159: | Line 170: | ||
* covers all the common vulnerabilities found in iOS applications (following OWASP top 10 mobile risks) and contains several challenges that the user can try | * covers all the common vulnerabilities found in iOS applications (following OWASP top 10 mobile risks) and contains several challenges that the user can try | ||
* [2011] Hackademic Challenges https:// | * [2011] Hackademic Challenges https:// | ||
- | * vulnerable app, challenges | + | * vulnerable app, challenges: https:// |
* TRY | * TRY | ||
* [2013] OWASP Security Shepherd https:// | * [2013] OWASP Security Shepherd https:// | ||
- | * TRY | + | * TRY: https:// |
* security teaching application, | * security teaching application, | ||
+ | * [2015] Samurai Web Testing Framework http:// | ||
+ | * preinstalled Mutillidae, | ||
==== Security-supporting library ==== | ==== Security-supporting library ==== | ||
Line 176: | Line 189: | ||
* [2014] JSON Sanitizer Project https:// | * [2014] JSON Sanitizer Project https:// | ||
* Given JSON-like content, convert it to valid JSON. Java library | * Given JSON-like content, convert it to valid JSON. Java library | ||
+ | * [2015] Several Java web applications and command line applications covering different security topics: https:// | ||