Section outline
-
Lundi 2/10 : Sécurité Logicielle - L. Mounier [10h-12h]
Mardi 3/10 : Sécurité Logicielle - L. Mounier [14h-17h]
Reading suggestions:
- Introduction du cours de X. Leroy sur la sécurité du logicielle (Collège de France)
- slides from E. Poll introduction course
- Mind your Language(s)
- A comprehensive description of C undefined behaviors
- "The Emperor's Old Clothes" (The 1980 ACM Turing Award Lecture, by C.A.R Hoare)
- Common Weakness Enumeration: buffer overflows, integer overflows, use-after-free, etc.
- What happened to my Code ? (about undefined behaviors in C)
- CERT secure coding standarts
- Google Zero Project: 0day Exploit Root Cause Analyses
- The Known Exploitable Vulnerabilities (KEV) catalog
- The Art of Software Security Assessment - Identifying and Preventing Software Vulnerabilities (M. Dowd, J. MacDonald, J. Shuh) [chapters 5 to 8]
- Summary of C/C++ integer rules