Description
PSNC is performing source code security tests of gLite. Based on our experience (and on commonly found vulnerabilities), we would like to show programmers how to avoid introducing common security vulnerabilities and how to use several simple tools to find the most trivial ones (such as the use of potentially dangerous functions or simple memory leaks). Input data filtering mechanisms would be especially emphasized. Another short talk will show some simple tools that may be used by developers (of C, PHP, Java). Additionally, a talk about simple hardening of a Web server would be included (e.g. avoiding Information Disclosure attacks).
The general idea is that programmers and administrators should not have to be security specialists, but should be taught more about secure programming and configuration and their significance. That would also help the security specialists, who would be able to devote more effort to finding vulnerabilities that are hidden deeply and require thorough analysis.
Submitter affiliation
SA3