Arvutiteaduse instituut
  1. Kursused
  2. 2020/21 kevad
  3. Turvalise programmeerimise meetodite projekt (MTAT.07.016)
EN
Logi sisse
Tähelepanu! Tehnilise tõrke tõttu on hetkel kättesaadavad vaid 2020.a. ja hilisemad üles laetud failid ja kevadsemestri kursused. Rikke kõrvaldamisega tegeletakse.

Turvalise programmeerimise meetodite projekt 2020/21 kevad

  • Main
  • Scanners
  • Ideas

Secure Programming Techniques Project

  • Code: MTAT.07.016 (3 EAP)
  • Meetings: Fri 14-16 - video; (only on pre-announced weeks - see below)
  • Lecturer: Meelis Roos
  • 'Communication:''' MS Teams (please log in to see team code for joining) (needs login with ut.ee account)
  • Goal: find and fix a new security problem in real software.
  • Grading comes 90% from the result of final presentation and report of the project and 10% from keeping up with the in-term deadlines
  • Questions: mroos at ut dot ee

First meeting will take place on 12.02.2020 14.15-16 on (Zoom video) meeting passcode: (please log in to see the passcode) - please log in with ut.ee account.

Outline

  • Ideas for projects
  • Simple projects are for one person only
  • 2-3 person projects are possible, but you need to plan work distribution ahead and show that it seems possible without one student blocking another
  • Incomprehensive list of source code Scanners
  • Find a opensource project for scanning
  • Do active tests only against your own instance of the application. Only try attacks against the systems where you have agreement for security testing.
  • Find suitable tools for first steps, use them
  • Search for security holes manually
  • Find another project if nothing has been found (no later then end of March)
  • Document the bug
  • Fix the bug
  • Fix all bugs of the same kind if possible
  • Test and document the fixes
  • Send a patch upstream, rewriting it if asked, until the patch is merged
  • Give a presentation

Planned meetings

  • 12.02.2020 14-16 - First meeting, intro
  • 21.02.2020 - Code auditing demo with scanners (screencast with audio from 2018)
  • 09.04.2020 14-16 - Midterm meeting: how you have succeeded in finding the bugs: https://ut-ee.zoom.us/j/93221040592?pwd=Wkl0REg0N3hta3BnY29RWURaOTlnZz09
  • 29.05.2020 14-16 - Final presentations
  • Arvutiteaduse instituut
  • Loodus- ja täppisteaduste valdkond
  • Tartu Ülikool
Tehniliste probleemide või küsimuste korral kirjuta:

Kursuse sisu ja korralduslike küsimustega pöörduge kursuse korraldajate poole.
Õppematerjalide varalised autoriõigused kuuluvad Tartu Ülikoolile. Õppematerjalide kasutamine on lubatud autoriõiguse seaduses ettenähtud teose vaba kasutamise eesmärkidel ja tingimustel. Õppematerjalide kasutamisel on kasutaja kohustatud viitama õppematerjalide autorile.
Õppematerjalide kasutamine muudel eesmärkidel on lubatud ainult Tartu Ülikooli eelneval kirjalikul nõusolekul.