70 likes | 206 Views
Software Security Lecture 10. Fang Yu Dept. of MIS, National Chengchi University Spring 2011. Announcement. Project m eeting with your professor: One hour meeting with me at my office 150409 (Health Center 4F) All the team members need to attend
E N D
Software SecurityLecture 10 Fang Yu Dept. of MIS, National Chengchi University Spring 2011
Announcement • Project meeting with your professor: • One hour meeting with me at my office 150409 (Health Center 4F) • All the team members need to attend • Please prepare slides to present your ideas • I will give you my feedback on your proposal • Available slots: • This Friday 8:00~4:00
Project teams (Schedule) • Anthony Cimo, Alexis Kirat, Kuan-Ming Chen and I-Yang Dong (Friday, 8:00-9:00) • JuiletteMaxime Lessing, Hsing Huang and Chen-Yi Yang • Jorina van Malsen, Eric Huang and Ruei-Chen Dai (Friday, 3:00-4:00) • Adam Fremd, Vincent Liou and Ruei-JiunLiang (Monday, 8:00-9:00)
Outline • Today, we will have Chen Yi presenting the last book chapter: Detect Vulnerabilities in Source Code (Chapter 18) • We will also have two paper presentations: • Kuan-Ming leads the discussion: Detection and Analysis of Drive-by-Download Attacks and Malicious JavaScript Code. (Security lab@UCSB) You can find the tool Wepawet here. http://wepawet.iseclab.org/ • Eric leads the discussion on: Toward Automated Detection of Logic Vulnerabilities in Web Applications. (Security lab@UCSB)
Next Week We will videotape the class I will present my paper “Patching Vulnerabilities with Sanitization Synthesis” I will also introduce to you our tool “Stranger” We will also have two paper discussions: (1) Static Detection of Security Vulnerabilities in Scripting Languages (by Alex) and (2) Static Detection of Cross-site Scripting Vulnerabilities (by Juliette Lessing)