Presentation

Secure Coding Practices & Dependency Analysis Tools
Description

Securing your network is not enough! Every service that you deploy is a window into your data center from the outside world, and one that an attacker can exploit. Our goal is to increase the number of people in the workforce who can act as defenders of our HPC and data infrastructure. In this tutorial we cover the weaknesses in MITRE's most recent "Stubborn Weaknesses in the CWE Top 25" list. These are the weaknesses most frequently found in real-world exploits, and also the ones that have stayed in the Top 25 every year for at least five years. Attendees will learn how to recognize these weaknesses and how to code in a way that avoids them. A second issue affecting the security of our cyber-infrastructure is that its software depends on a myriad of packages and libraries from many different sources. Dependency analysis tools can catch known flaws in those packages and libraries, flaws that directly affect the security of the application built on top of them. The more programmers are trained to address security issues and to use dependency analysis tools, the bigger the impact we can make on the security of our cyber-infrastructure.

For the hands-on exercises we will be using two web applications, which we recommend downloading in advance.

For Windows machines:
Import and run this virtual machine image in VMware: https://research.cs.wisc.edu/mist/SoftwareSecurityCourse/Exercises/software-security-web.ova
For Mac OS machines:
0) Prerequisites: a JDK, MongoDB, and Postman
1) Create a directory for the exercises.
2) Download to that directory the three tar files located at https://research.cs.wisc.edu/mist/SoftwareSecurityCourse/Exercises/tar_files/
3) For each of the three tar files run "tar xvf file-name.tar"

If you have any questions or issues please contact elisa@cs.wisc.edu
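The Mac OS setup steps above as a single script, added here as an example and not part of the tutorial materials. It assumes the archives are fetched with curl, that the three archive file names (not listed on this page) are passed on the command line, and that the prerequisites can be checked by looking for java and mongod on PATH (Postman is a GUI application and is not checked). Because the archives come over the network, each one's member list is inspected before extraction so that no entry can write outside the exercise directory.

```shell
#!/bin/sh
# Added example script for the Mac OS hands-on setup; not the tutorial's own code.
# Assumed: curl is available, archive names are given on the command line,
# java and mongod are the checkable prerequisites.
set -eu

BASE_URL="https://research.cs.wisc.edu/mist/SoftwareSecurityCourse/Exercises/tar_files"

# Step 0: prerequisites. java and mongod are looked up on PATH; Postman is a
# GUI application, so it is not checked here.
check_prereqs() {
    missing=0
    for cmd in java mongod; do
        if ! command -v "$cmd" >/dev/null 2>&1; then
            echo "missing prerequisite: $cmd" >&2
            missing=1
        fi
    done
    return $missing
}

# Reads archive member names on stdin (one per line, as "tar tf" prints them)
# and returns 1 if any of them is absolute or contains a ".." component,
# i.e. could write outside the extraction directory.
check_tar_entries() {
    while IFS= read -r name; do
        case "$name" in
            /*|*/../*|../*|*/..|..)
                echo "unsafe archive member: $name" >&2
                return 1 ;;
        esac
    done
    return 0
}

# Step 3: extract one archive into DEST, but only after its member list
# passes check_tar_entries.
extract_tar_safely() {
    archive=$1
    dest=$2
    tar tf "$archive" | check_tar_entries || return 1
    mkdir -p "$dest"
    tar xvf "$archive" -C "$dest"
}

# Steps 1 and 2: create the exercise directory and download each named archive.
# curl -f makes an HTTP error fail the script instead of saving an error page.
fetch_exercises() {
    dest=$1; shift
    mkdir -p "$dest"
    for name in "$@"; do
        curl -fsSL -o "$dest/$name" "$BASE_URL/$name"
    done
}

setup_all() {
    dest=$1; shift
    check_prereqs
    fetch_exercises "$dest" "$@"
    for name in "$@"; do
        extract_tar_safely "$dest/$name" "$dest"
    done
}

# The full setup runs only when invoked with --setup, so sourcing the file
# just defines the functions.
if [ "${1:-}" = "--setup" ]; then
    shift
    setup_all "$@"
fi
```

Run it as `sh setup.sh --setup ~/exercises first.tar second.tar third.tar`, substituting the real archive names from the tar_files directory. The member-list check is the part worth keeping for any archive you did not build yourself: `tar xvf` on an untrusted file will happily follow `../` entries.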