Fundamentals of Secure Coding and how to Break Software
Everyone, whether they write protocols or internal processes is responsible for using Secure Coding techniques to minimize the adverse effects of attacks, whether those attacks are intentional or accidental. If a process deep in the bowels of a product crashes because it receives bad data or because a resource that should have been there was not, it is still a crash and reduces the availability of the product.
Secure Coding is the process of reducing the susceptibility of code to vulnerabilities either unintentional or intentional. It includes items that are classed as defensive in nature (e.g. checking error return codes before using handles and other data structures that should have been created, or protecting against using a pointer after it has been released). It also includes items that may be more normally associated with cryptographic procedures (e,g. random number generation, encryption algorithms, etc.)
The second part of the class introduces you to "How To Break Software," a 17-step methodology to effectively and efficiently test software. You will learn a very applied and non-rigid approach to test software for common bugs. It's a departure from conventional testing in which testers prepare a written test plan and then use it as a script when testing the software.
The class teaches you how to plan tests "on the fly" by providing you with insight, experience, and a nose for where bugs are hiding. This class has hands-on component so that you can explore the testing techniques and software tools using real software.
What you will learn
- A 17-step methodology and models for effective software testing
- A plan for on-the-fly testing
- How to develop an insight to find those hard-to-find bugs
- How to test Inputs and Outputs from the User Interface
- How to test Data and Computation from the User Interface
- How to test the File System Interface
- How to test the Software/OS Interface
- How to use Holodeck Lite to inject faults for File System and OS testing
First Part: Secure Coding
- Introduction to the Software Security
- Web Vulnerabilities
- Defensive Coding Principles
- Security Testing and Quality Assurance
Second Part: How to Break Software
- Understanding the environment
- Software Capabilities
- Software Testing
- An overview of the Methodology of How To Break Software