
EGI CSIRT:TDG/SecTut-EGEE091109



Joint Middleware and Operational Security Session (MWSG/OSCT)

This meeting is aimed at software developers, site administrators and security personnel. It gives security recommendations and presents good security practices for software development, deployment and operations, with a specific emphasis on grid middleware. It also presents the security policies and procedures by which all grid participants are bound.

Contributors

Vulnerability Assessment and Secure coding

Security is crucial in the software that we develop and use. This tutorial is relevant to anyone wanting to learn about assessing software for security flaws and for developers wishing to minimize security flaws in software they develop.

The tutorial covers a process to actively discover vulnerabilities. We show how to gather information about a system and use it to direct the search for vulnerabilities, and how to integrate vulnerability assessment and discovery into the development cycle. This tutorial teaches critical assessment and coding skills. In addition, it discusses policy issues relating to independent auditing, vulnerability reporting, and integrating security fixes into the software release cycle.

Next, we examine coding practices to prevent vulnerabilities by describing more than 20 types of vulnerabilities, with examples of how they commonly arise and techniques to prevent them. Most examples use C, C++, and Perl, along with the standard C and POSIX APIs.

Contributors