1 / 5

Software Security Lecture 10

Software Security Lecture 10. Fang Yu Dept. of MIS, National Chengchi University Spring 2011. Announcement. Project m eeting with your professor: One hour meeting with me at my office 150409 (Health Center 4F) All the team members need to attend

stu
Download Presentation

Software Security Lecture 10

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Software SecurityLecture 10 Fang Yu Dept. of MIS, National Chengchi University Spring 2011

  2. Announcement • Project meeting with your professor: • One hour meeting with me at my office 150409 (Health Center 4F) • All the team members need to attend • Please prepare slides to present your ideas • I will give you my feedback on your proposal • Available slots: • This Friday 8:00~4:00

  3. Project teams (Schedule) • Anthony Cimo, Alexis Kirat, Kuan-Ming Chen and I-Yang Dong (Friday, 8:00-9:00) • JuiletteMaxime Lessing, Hsing Huang and Chen-Yi Yang • Jorina van Malsen,  Eric Huang and Ruei-Chen Dai (Friday, 3:00-4:00) • Adam Fremd, Vincent Liou and Ruei-JiunLiang (Monday, 8:00-9:00)

  4. Outline • Today, we will have Chen Yi presenting the last book chapter: Detect Vulnerabilities in Source Code (Chapter 18) • We will also have two paper presentations: • Kuan-Ming leads the discussion: Detection and Analysis of Drive-by-Download Attacks and Malicious JavaScript Code. (Security lab@UCSB) You can find the tool Wepawet here. http://wepawet.iseclab.org/ • Eric leads the discussion on: Toward Automated Detection of Logic Vulnerabilities in Web Applications. (Security lab@UCSB)

  5. Next Week We will videotape the class I will present my paper “Patching Vulnerabilities with Sanitization Synthesis” I will also introduce to you our tool “Stranger” We will also have two paper discussions: (1) Static Detection of Security Vulnerabilities in Scripting Languages (by Alex) and (2) Static Detection of Cross-site Scripting Vulnerabilities (by Juliette Lessing)

More Related