Secure Programming Techniques Project
- Code: MTAT.07.016 (3 EAP)
- Meetings: Fri 14:15-16:00, video (only on pre-announced weeks, see below)
- Lecturers: Aivo Toots, Andres Jõgi
- Communication: UT Zulip, stream "Secure Programming Techniques Project 2022"
- Goal: find and fix a new security problem in real software.
- Grading: Grading information is available in ÕIS
- Questions: aivo dot toots at cyber dot ee, andres dot jogi at cyber dot ee
The first meeting will take place on 11.02.2022, 14:15-16:00, on Zoom; a link will be provided.
Outline
- Ideas for projects (to be updated)
- Non-exhaustive list of source code scanners
- Find an open-source project for scanning
- Work projects are also acceptable, if we are able to access the source code
- Do active tests only against your own instance of the application. Only try attacks against systems where you have an agreement for security testing.
- Find suitable tools for first steps, use them
- Search for security holes manually
- Find another project if nothing has been found (no later than the end of March)
- Document the bug
- Fix the bug
- Fix all bugs of the same kind if possible
- Test and document the fixes
- Send a patch upstream, rewriting it if asked, until the patch is merged
- Write a report and give a presentation
Planned meetings (Online)
- 11.02.2022 - First meeting, intro: slides, recording
- 04.03.2022 - Code auditing demo with scanners: slides, recording
- 08.04.2022 - Midterm meeting: how you have succeeded in finding the bugs (midterm_report_sample.pdf, midterm_report_sample.tex)
- 13.05.2022 - No seminar!
- 20.05.2022 - Final presentation