Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
public:research:secprog:secureprogramming [2014-12-26 17:24] – Page moved from public:secureprogramming to public:research:secprog:secureprogramming mukroppublic:research:secprog:secureprogramming [2016-12-01 13:28] (current) – external edit 127.0.0.1
Line 2: Line 2:
  
   * 19 deadly sins of software programming (Howard), examples, list of reasonably fresh real examples: http://www.math.uaa.alaska.edu/~afkjm/cs470/handouts/SecuritySins.pdf   * 19 deadly sins of software programming (Howard), examples, list of reasonably fresh real examples: http://www.math.uaa.alaska.edu/~afkjm/cs470/handouts/SecuritySins.pdf
 +  * Mozilla secure coding guidelines: https://developer.mozilla.org/en-US/docs/Secure_Development_Guidelines
 +
  
 ===== Security programming courses ===== ===== Security programming courses =====
Line 81: Line 83:
     * Run cmd with Administrator privileges     * Run cmd with Administrator privileges
       * peach configuration.xml       * peach configuration.xml
 +    * Run Peach in agent mode: //peach -a tcp//
 +      * ERROR: Error, could not load platform assembly 'Peach.Core.OS.Windows.dll' The assembly is part of the Internet Security Zone and loading has been blocked.
 +      * Solution: https://forums.peachfuzzer.com/showthread.php?198-Could-not-load-platform-assembly-Peach-Core-OS-Windows-dll
 +    * ERROR: Could not start monitor "WindowsDebugger" Could not find a part of the path 'C
 +:\Program Files\Debugging Tools for Windows (x86)\dbgeng.dll'.
 +      * set proper path to WinDbg (e.g., c:\Program Files (x86)\Debugging Tools for Windows\) in peach pit file
 +      * <Param name="WinDbgPath" value="c:\Program Files (x86)\Debugging Tools for Windows\" />
 +
 +
  
 ===== Notes ===== ===== Notes =====
Line 159: Line 170:
     * covers all the common vulnerabilities found in iOS applications (following OWASP top 10 mobile risks) and contains several challenges that the user can try     * covers all the common vulnerabilities found in iOS applications (following OWASP top 10 mobile risks) and contains several challenges that the user can try
   * [2011] Hackademic Challenges https://www.owasp.org/index.php/OWASP_Hackademic_Challenges_Project   * [2011] Hackademic Challenges https://www.owasp.org/index.php/OWASP_Hackademic_Challenges_Project
-    * vulnerable app, challenges+    * vulnerable app, challenges: https://github.com/Hackademic/hackademic/
     * TRY     * TRY
   * [2013] OWASP Security Shepherd https://www.owasp.org/index.php/OWASP_Security_Shepherd   * [2013] OWASP Security Shepherd https://www.owasp.org/index.php/OWASP_Security_Shepherd
-    * TRY+    * TRY: https://github.com/OWASP/SecurityShepherd
     * security teaching application, CTF     * security teaching application, CTF
 +  * [2015] Samurai Web Testing Framework http://samurai.inguardians.com/
 +    * preinstalled Mutillidae,  
  
 ==== Security-supporting library ==== ==== Security-supporting library ====
Line 176: Line 189:
   * [2014] JSON Sanitizer Project https://www.owasp.org/index.php/OWASP_JSON_Sanitizer    * [2014] JSON Sanitizer Project https://www.owasp.org/index.php/OWASP_JSON_Sanitizer 
     * Given JSON-like content, convert it to valid JSON. Java library     * Given JSON-like content, convert it to valid JSON. Java library
 +  * [2015] Several Java web applications and command line applications covering different security topics: https://github.com/dschadow/JavaSecurity