Section outline
- 02/10
  - Lecture 3: understanding (and avoiding!) code vulnerabilities
  - some exercises about programming languages (in)security
Reading suggestions:
- The NIST Vulnerability Database, two examples of recent CVEs (CVE-2023-43907 and CVE-2023-36131)
- Common Weakness Enumeration: buffer overflows, integer overflows, use-after-free, etc.
- What happened to my Code? (about undefined behaviors in C)
- CERT secure coding standards
- Google Project Zero: 0day Exploit Root Cause Analyses
- The Art of Software Security Assessment - Identifying and Preventing Software Vulnerabilities (M. Dowd, J. McDonald, J. Schuh) [chapters 5 to 8]
- Summary of C/C++ integer rules