Sep 21 – 25, 2009
Hotel Barcelo Sants
Europe/Zurich timezone

Session

Systems & Software Security Session

Sep 21, 2009, 5:00 PM
Hotel Barcelo Sants

Barcelona

Description

PSNC is performing source code security tests of gLite. Based on our experience (and on commonly found vulnerabilities), we would like to tell programmers how to avoid introducing common security vulnerabilities and how to use several simple tools to find the most trivial ones (such as the use of potentially dangerous functions or simple memory leaks). Input data filtering mechanisms will be especially emphasized. Another short talk will show some simple tools that developers (of C, PHP and Java) may use. Additionally, a talk about simple hardening of a Web server will be included (e.g. avoiding Information Disclosure attacks).

The general idea is that programmers and administrators are not expected to be security specialists, but should be taught more about secure programming and configuration and its significance. That would also help the security specialists, who would be able to devote more effort to finding vulnerabilities that are deeply hidden and require thorough analysis.

Submitter affiliation

SA3

Presentation materials
