Secure Programming Techniques Project
- Code: MTAT.07.016 (3 EAP)
- Seminars: Fri 12-14 Liivi 2 - 404 (only on pre-announced weeks)
- Lecturer: Meelis Roos
- Goal: find and fix a new security problem in real software.
- Grading comes 90% from the result of final presentation and report of the project and 10% from keeping up with the in-term deadlines
- Questions: mroos at ut dot ee
First meeting was on Fri, February 22 2013 Liivi 2-404.
Outline
- Ideas for projects
- Simple projects are for one person only
- 2-3 person projects possible, but you need to plan work distribution ahead and show that it seems possible without one student blocking behind other
- Incomprehensive list of source code Scanners
- Find a opensource project for scanning
- Find suitable tools for first steps, use them
- Search for security holes manually
- Find another project if nothing has been found (no later then end of March)
- Document the bug
- Fix the bug
- Fix all bugs of the same kind if possible
- Test and document the fixes
- Send a patch upstream, rewriting it if asked
- Give a presentation
Planned meetings
- 22.02.2013 room 404 - First meeting, intro
- 01.03.2013 room 404 - Code auditing demo with scanners and manual reading (demo screencast)
- 12.04.2013 room 404 - Midterm meeting: how you have succeeded in finding some bugs
- 31.05.2013 room 403 - Final presentations