21–25 Sept 2009
Hotel Barcelo Sants
Europe/Zurich timezone

Session

Vulnerability Assessment and Secure coding for middleware tutorial (EARLY START TIME!)

25 Sept 2009, 08:30
Hotel Barcelo Sants

Barcelona

Description

Security is crucial in the software that we develop and use. This tutorial is relevant to anyone wanting to learn about assessing software for security flaws and for developers wishing to minimize security flaws in software they develop.

The tutorial covers a process to actively discover vulnerabilities. We show how to gather information about a system and use it to direct the search for vulnerabilities, and how to integrate vulnerability assessment and discovery into the development cycle. This tutorial teaches critical assessment and coding skills. In addition, it discusses policy issues relating to independent auditing, vulnerability reporting, and integrating security fixes into the software release cycle.

Next, we examine coding practices that prevent vulnerabilities, describing more than 20 types of vulnerabilities with examples of how they commonly arise and techniques to prevent them. Most examples use C, C++, and Perl, together with the standard C and POSIX APIs.
