21-25 September 2009
Hotel Barcelo Sants
Europe/Zurich timezone

Systems & Software Security Session

Not scheduled
Hotel Barcelo Sants

Hotel Barcelo Sants

Session Security


Mr Gerard Jan Frankowski (PSNC (Poznań, Poland))

Session Description (include details of proposed agenda, potential speakers and expected outcomes)

The first three talks make an "version a)" of the session (2 hours)
1. "Writing secure code not being a security specialist" - 45-60 mins
2. "A developer's security toolset: what if I scan the code myself?" - 30 mins
3. "My Web server safe & sound" - 30-45 mins

The following two talks are an extension to the session (version "b"), would be given by someone else.
4. "Defensive network programming" - up to 1 hour
5. "Raising applications security in EGEE with gLite" - up to 1 hour

Project(s) or EGEE activity presenting the demo or poster (project or activity names only)



SA3, Gerard Frankowski (PSNC) - three talks (1-3)
The talks 4 and 5 would be given by someone else

Special requirements other than the set up mentioned in the CfA text.

ca 60-80, the session is basically for the developers and the system administrators

Please indicate your preferred day to give a demo.

versions: a) 2hrs,b) 4hrs


PSNC is performing source code security tests of gLite; basing on our experience (and commonly found vulnerabilities) we'd like to tell the programmers how to avoid making common security vulnerabilities and how to use several simple tools to find the most trivial vulnerabilities (like using potentially dangerous functions or simple memory leaks). Input data filtering mechanisms would be especially emphasized. Another short talk will show some simple tools that may be used by the developers (of C, PHP, Java). Additionally, a talk about a simple hardening of a Web server would be included (e.g. avoiding Information Disclosure attacks).

A general idea is that the programmers and administrators should not be security specialists, but should be taught more about secure programming/configuration and its significance. That would help also the security specialists, who would be able to devote more effort for finding vulnerabilities that are hidden deeply and require a thorough analysis.

Primary author

Mr Gerard Jan Frankowski (PSNC (Poznań, Poland))

Presentation materials

There are no materials yet.