EGI CSIRT:TDG/SecTut-EGEE091109
Joint Middleware and Operational Security Session (MWSG/OSCT)
This meeting is aimed at software developers, site administrators and security personnel. It gives security recommendations and presents good security practices for software development, deployment and operations, with a specific emphasis on grid middleware. It also presents the security policies and procedures that all grid participants are bound to.
Contributors
- Romain Wartel (CERN): Managing grid security incident
- Daniel Kouril (CESNET): Security Monitoring, Pakiti and Nagios-based monitoring
- Christoph Witzig: Command line security tools: introduction and job-lookup-by-subject
- Tunde Balint: Command line security tools: client connect
- Christoph Witzig: Authorization Service, Argus command line tools and Central banning
- Giuseppe Misurelli (INFN): User traceability and log analysis
Vulnerability Assessment and Secure coding
Security is crucial in the software that we develop and use. This tutorial is relevant to anyone wanting to learn about assessing software for security flaws and for developers wishing to minimize security flaws in software they develop.
The tutorial covers a process to actively discover vulnerabilities. We show how to gather information about a system and use it to direct the search for vulnerabilities, and how to integrate vulnerability assessment and discovery into the development cycle. This tutorial teaches critical assessment and coding skills. In addition, it discusses policy issues relating to independent auditing, vulnerability reporting, and integrating security fixes into the software release cycle.
Next, we examine coding practices to prevent vulnerabilities by describing more than 20 types of vulnerabilities, with examples of how they commonly arise and techniques to prevent them. Most examples are in C, C++ and Perl, and use the standard C and POSIX APIs.
Contributors
- Linda Cornwall, James Kupsch: Vulnerability Assessment and Secure coding