Special requirements other than the set up mentioned in the CfA text.
Session Description (include details of proposed agenda, potential speakers and expected outcomes)
This tutorial will be given by James Kupsch of the University of Wisconsin.
The stated purpose of the GSVG is "to eliminate Grid Security Vulnerabilities from the software and deployment and prevent new ones being introduced". While GSVG has a well-established process for handling reported vulnerabilities, more needs to be done on assessing software for vulnerabilities and ensuring developers are educated in secure coding, both of which this tutorial should help achieve.
This will be presented by James Kupsch, who is a member of the Vulnerability Assessment project in the Computer Science department of the University of Wisconsin.
Project(s) or EGEE activity presenting the demo or poster (project or activity names only)
The EGEE Grid Security Vulnerability Group (GSVG).
Security is crucial in the software that we develop and use. This tutorial is relevant to anyone wanting to learn about assessing software for security flaws and for developers wishing to minimize security flaws in software they develop.
The tutorial covers a process to actively discover vulnerabilities. We show how to gather information about a system, which is then used to direct the search for vulnerabilities, and how to integrate vulnerability assessment and discovery into the development cycle. This tutorial teaches critical assessment and coding skills. In addition, it discusses policy issues relating to independent auditing, vulnerability reporting, and integrating security fixes into the software release cycle.
Next, we examine coding practices to prevent vulnerabilities by describing more than 20 types of vulnerabilities, with examples of how they commonly arise and techniques to prevent them. Most examples use C, C++, Perl, and the standard C and POSIX APIs.
Please indicate your preferred day to give a demo.
4 hours (half day)