Institute of Computer Science
  1. Courses
  2. 2020/21 spring
  3. Secure Programming Techniques Project (MTAT.07.016)
ET
Log in

Secure Programming Techniques Project 2020/21 spring

  • Main
  • Scanners
  • Ideas

Secure Programming Techniques Project

  • Code: MTAT.07.016 (3 EAP)
  • Meetings: Fri 14-16 - video; (only on pre-announced weeks - see below)
  • Lecturer: Meelis Roos
  • 'Communication:''' MS Teams (please log in to see team code for joining) (needs login with ut.ee account)
  • Goal: find and fix a new security problem in real software.
  • Grading comes 90% from the result of final presentation and report of the project and 10% from keeping up with the in-term deadlines
  • Questions: mroos at ut dot ee

First meeting will take place on 12.02.2020 14.15-16 on (Zoom video) meeting passcode: (please log in to see the passcode) - please log in with ut.ee account.

Outline

  • Ideas for projects
  • Simple projects are for one person only
  • 2-3 person projects are possible, but you need to plan work distribution ahead and show that it seems possible without one student blocking another
  • Incomprehensive list of source code Scanners
  • Find a opensource project for scanning
  • Do active tests only against your own instance of the application. Only try attacks against the systems where you have agreement for security testing.
  • Find suitable tools for first steps, use them
  • Search for security holes manually
  • Find another project if nothing has been found (no later then end of March)
  • Document the bug
  • Fix the bug
  • Fix all bugs of the same kind if possible
  • Test and document the fixes
  • Send a patch upstream, rewriting it if asked, until the patch is merged
  • Give a presentation

Planned meetings

  • 12.02.2020 14-16 - First meeting, intro
  • 21.02.2020 - Code auditing demo with scanners (screencast with audio from 2018)
  • 09.04.2020 14-16 - Midterm meeting: how you have succeeded in finding the bugs: https://ut-ee.zoom.us/j/93221040592?pwd=Wkl0REg0N3hta3BnY29RWURaOTlnZz09
  • 29.05.2020 14-16 - Final presentations
  • Institute of Computer Science
  • Faculty of Science and Technology
  • University of Tartu
In case of technical problems or questions write to:

Contact the course organizers with the organizational and course content questions.
The proprietary copyrights of educational materials belong to the University of Tartu. The use of educational materials is permitted for the purposes and under the conditions provided for in the copyright law for the free use of a work. When using educational materials, the user is obligated to give credit to the author of the educational materials.
The use of educational materials for other purposes is allowed only with the prior written consent of the University of Tartu.
Terms of use for the Courses environment