Software Security Les

dinsdag 11 maart 2008, 22:47  –  Reacties staat uit voor Software Security Les  -  Tags: ,

software security

The C and C++ programming languages have some serious shortcomings from the point of view of security. Certain kinds of bugs in these languages can have disastrous consequences. Stack- or heap-based buffer overruns, double frees, dangling pointers, race conditions and format-string related vulnerabilities are typical examples of bugs that can make a C/C++ application vulnerable to extremely powerful attacks such as code injection. In a code injection attack, an attacker succeeds in running code of his choosing on the target machine. This talk will discuss the most important types of vulnerabilities, and will explain how these can be exploited.

Programmers must avoid these vulnerabilities by observing strict coding disciplines to compensate for the freedom offered by the language and execution environment. Recently, improvements to the compiler and run-time environment have aided in mitigating the risk. An overview of such recent infrastructural improvements is also presented.

Location: Sterre, S9, Room A2

Webapplication Security Les

dinsdag 13 november 2007, 12:44  –  Eén reactie  -  Tags: ,

Edit (15/11/07): Enric heeft de files en slides on-line gezet op zijn persoonlijke blog. Enjoy!

Zeus geeft les! Woensdagavond om 18u00 zal Enric Junqué de Fortuny ons
alles vertellen over Webapplication Security. Hij zal ons leren hoe gluiperds proberen sites te kraken en data te ontfutselen, en hoe deze veiligheidslekken te dichten.

Afspraak woensdag 14/11/07 om 18u00 aan auditorium A2 in gebouw S9 (Sterre). De les zal ongeveer 2 uur duren.

Komende activiteiten

september 2016