Tutorial on Secure Programming and Vulnerability Assessment

Tuesday, April 21, 2015, 8:30am to 12:30pm
1240 Computer Sciences

Speaker Name: Barton Miller, Elisa Heymann

Speaker Institution: University of Wisconsin - Madison




Security is crucial to the software that we develop and use. With the incredible growth of both Web and Cloud services, security is becoming even more critical.

Securing your network is not enough. Every service that you deploy is a window into the data center from the outside world, and a window that could be exploited by an attacker.

This tutorial is relevant to anyone wanting to learn about minimizing security flaws in the software they develop or manage. We share our experiences gained from performing vulnerability assessments of critical middleware. You will learn skills critical for software developers and analysts concerned with security. This tutorial starts by presenting basic concepts related to threats, weaknesses and vulnerabilities. You will learn analyst techniques that will better prepare you to defend against attackers. The rest of the tutorial presents coding practices that lead to vulnerabilities, with examples of how they commonly arise, techniques to prevent them, and exercises to reinforce your skills in avoiding them. Examples come from a wide variety of languages, including Java, C, C++, C#, Perl, Python, and Ruby, and come from real code belonging to Cloud and Grid systems we have assessed. This tutorial is an outgrowth of our experiences in performing vulnerability assessment of critical middleware, including Google Chrome, Wireshark, Condor, SDSC Storage Resource Broker, NCSA MyProxy, INFN VOMS Admin and Core, and others.

Note that this tutorial goes from 8:30am to 12:30pm. If you plan to attend, it should be for the entire session; there are no late drop-ins. Please RSVP to Bart (bart@cs.wisc.edu) if you plan to attend.

There will be a hosted coffee break mid-morning.