Secure Programming
Slides
- 13 Secure Programming
- 14 Secure Programming
- 15 Secure Programming
- Extra Slides - Car key hacking slides, not covered in lecture so not examinable
News from Lecture
Below are some of the news stories cited in lecture or during the first 5 minutes.
- Marks & Spencer Attack Timeline
- Memory Safe Languages: Reducing Vulnerabilities in Modern Software Development by NSA/CISA
- A PATH TOWARD SECURE AND MEASURABLE SOFTWARE from President Biden’s National Cybersecurity Strategy (now removed from the White House website)
- A “Kill Chain” Analysis of the 2013 Target Data Breach
- Untold Story of NotPetya by Wired
Try it out
Below are some capture the flag sources online. These are not required for the course, but you may find them interesting to try out.
Additional Resources
Industry reports and resources
Research Papers
- Kocher, Paul, et al. “Spectre attacks: Exploiting speculative execution.” Communications of the ACM 63.7 (2020).
- Lipp, Moritz, et al. “Meltdown: Reading kernel memory from user space.” Communications of the ACM 63.6 (2020): 46-56.
- Georgiev, Martin, et al. “The most dangerous code in the world: validating SSL certificates in non-browser software.” Proceedings of the 2012 ACM conference on Computer and communications security. 2012.
- Mohammad Tahaei and Kami Vaniea. 2022. Recruiting Participants With Programming Skills: A Comparison of Four Crowdsourcing Platforms and a CS Student Mailing List. In Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems (CHI ’22).