Secure Programming Techniques Project
- Code: MTAT.07.016 (3 EAP)
- Meetings: Fri 14-16 - video; (only on pre-announced weeks - see below)
- Lecturer: Meelis Roos
- 'Communication:''' MS Teams (please log in to see team code for joining) (needs login with ut.ee account)
- Goal: find and fix a new security problem in real software.
- Grading comes 90% from the result of final presentation and report of the project and 10% from keeping up with the in-term deadlines
- Questions: mroos at ut dot ee
First meeting will take place on 12.02.2020 14.15-16 on (Zoom video) meeting passcode: (please log in to see the passcode) - please log in with ut.ee account.
Outline
- Ideas for projects
- Simple projects are for one person only
- 2-3 person projects are possible, but you need to plan work distribution ahead and show that it seems possible without one student blocking another
- Incomprehensive list of source code Scanners
- Find a opensource project for scanning
- Do active tests only against your own instance of the application. Only try attacks against the systems where you have agreement for security testing.
- Find suitable tools for first steps, use them
- Search for security holes manually
- Find another project if nothing has been found (no later then end of March)
- Document the bug
- Fix the bug
- Fix all bugs of the same kind if possible
- Test and document the fixes
- Send a patch upstream, rewriting it if asked, until the patch is merged
- Give a presentation
Planned meetings
- 12.02.2020 14-16 - First meeting, intro
- 21.02.2020 - Code auditing demo with scanners (screencast with audio from 2018)
- 03.04.2020 14-16 - Midterm meeting: how you have succeeded in finding the bugs
- 29.05.2020 14-16 - Final presentations