Presentation
Secure Coding Practices and Dependency Analysis Tools
Description
Our goal is to increase the number of people in the workforce who can act as defenders of our high performance computing and data infrastructure. In this tutorial we cover weaknesses from the most recent "Stubborn Weaknesses in the CWE Top 25" list from MITRE. These weaknesses (coding flaws) are the ones most present in real-world security exploits and also the ones that have consistently stayed in the top 25 for at least five years. Attendees will learn how to recognize these weaknesses and code in a way that avoids them. Another issue affecting the security of our cyberinfrastructure is the fact that its software depends upon a myriad of packages and libraries, and those come from different sources. Dependency analysis tools—tools that find weaknesses in the software supply chain and develop a software bill of materials (SBOM)—can catch flaws in those packages and libraries, flaws that affect the safety of the application. The more programmers are exposed to training in addressing security issues, and the more they learn how to use dependency analysis tools, the bigger the impact that we can make on the security of our cyberinfrastructure.
Note for Attendees
This tutorial has a hands-on part with several short exercises. The exercises are contained in a virtual machine image that attendees should download and test in advance.
For Windows machines: In VMware run this virtual machine image: https://research.cs.wisc.edu/mist/SoftwareSecurityCourse/Exercises/software-security-vmware.ova
For Mac (M1/M2/M3): In VirtualBox run this virtual machine image: https://research.cs.wisc.edu/mist/SoftwareSecurityCourse/Exercises/software-security-mac.ova
Here are the instructions for downloading VMware:
- Go to vmware.com and click on Products.
- Scroll down and click on SEE DESKTOP HYPERVISORS.
- Click on DOWNLOAD NOW.
- Create an account using your institutional e-mail address.
- Download VMware Fusion and Workstation (for Personal Use) (Windows).


