Software Engineering Lifecycle. ©2002. Jan G. Hogle, Susan L. Gerhart. Software Engineering Lifecycle Authors: Jan G. Hogle,

Slides:



Advertisements
Similar presentations
Buffer Overflow Intro. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. Preventing Buffer Overflows (for C programmers)
Advertisements

Buffer Overflow Causes. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. Buffer Overflow Causes Author: Jedidiah.
1 SOFTWARE TESTING Przygotował: Marcin Lubawski. 2 Testing Process AnalyseDesignMaintainBuildTestInstal Software testing strategies Verification Validation.
By Hiranmayi Pai Neeraj Jain
System Construction and Implementation Objectives:
Chapter 5: Common Support Problems
Usable Security (Part 1 – Oct. 30/07) Dr. Kirstie Hawkey Content primarily from Teaching Usable Privacy and Security: A guide for instructors (
Chapter 10 Systems Operation, Support, and Security
Discovering Computers Fundamentals, 2011 Edition Living in a Digital World.
Web Usability by Scott Grissom1 Web Usability Scott Grissom Computer Science & Information Systems.
Why Security Testing Is Hard by Herbert H. Thompson presented by Carlos Hernandez.
 QUALITY ASSURANCE:  QA is defined as a procedure or set of procedures intended to ensure that a product or service under development (before work is.
C Programmer Quiz. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. Quiz: For C Programmers Author: Jedidiah.
Applied Software Project Management Andrew Stellman & Jennifer Greene Applied Software Project Management Applied Software.
Systems Analysis and Design: The Big Picture
System Implementation. System Implementation and Seven major activities Coding Testing Installation Documentation Training Support Purpose To convert.
Buffer Overflow Defenses. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. Buffer Overflow Defenses Author:
Information Systems Security Computer System Life Cycle Security.
Software Testing Life Cycle
By Anthony W. Hill & Course Technology1 Common End User Problems.
CSCE 548 Code Review. CSCE Farkas2 Reading This lecture: – McGraw: Chapter 4 – Recommended: Best Practices for Peer Code Review,
An Introduction to Information Security Why there’s more to hide than you might think and why hiding it is a lot tougher than you ever dreamed of in your.
Introduction to Buffer Overflows Author: Jedidiah R. Crandall, Distributed: 14 July 2002 Embry-Riddle Aeronautical University in Prescott,
Chapter 14 Information System Development
Computer Security and Penetration Testing
1 1 Vulnerability Assessment of Grid Software Jim Kupsch Associate Researcher, Dept. of Computer Sciences University of Wisconsin-Madison Condor Week 2006.
1 The Software Development Process  Systems analysis  Systems design  Implementation  Testing  Documentation  Evaluation  Maintenance.
Buffer Overflow Intro. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. Introduction to Buffer Overflows Author:
Overview of Key Security Concepts and Vocabulary This Document was Funded by the National Science Foundation Federal Cyber Service Scholarship For Service.
Embry-Riddle Aeronautical University Prescott, Arizona
1 Vulnerability Assessment of Grid Software James A. Kupsch Computer Sciences Department University of Wisconsin Condor Week 2007 May 2, 2007.
Engineering Secure Software. Vulnerability of the Day  Each day, we will cover a different type of code-level vulnerability Usually a demo How to avoid,
Buffer Overflow Causes Quiz. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. Quiz: Buffer Overflow Causes Author:
Buffer Overflow Defenses. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. Buffer Overflow Defenses Author:
IT Job Roles & Responsibilities Shannon Ciriaco Unit 2:
University of Palestine software engineering department Testing of Software Systems Program Inspections, Walkthroughs, and Reviews instructor: Tasneem.
Buffer Overflow Defenses Quiz. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. Quiz: Buffer Overflow Defenses.
Software Testing and Maintenance 1 Code Review  Introduction  How to Conduct Code Review  Practical Tips  Tool Support  Summary.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
How to Use BO Demos. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. How to Use Buffer Overflow Demos (applets)
Module 12: Responding to Security Incidents. Overview Introduction to Auditing and Incident Response Designing an Audit Policy Designing an Incident Response.
CSI 1340 Introduction to Computer Science II Chapter 1 Software Engineering Principles.
Bina Nusantara 19 C H A P T E R SYSTEM CONSTRUCTION AND IMPLEMENTATION.
Intro to Buffer Overflow Quiz. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. Quiz: Buffer Overflow Intro Author:
1 The Software Development Process ► Systems analysis ► Systems design ► Implementation ► Testing ► Documentation ► Evaluation ► Maintenance.
HNDIT23082 Lecture 09:Software Testing. Validations and Verification Validation and verification ( V & V ) is the name given to the checking and analysis.
SLC – You tell me Web design – Using software design a website.
Zero Day Attacks Jason Kephart. Purpose The purpose of this presentation is to describe Zero-Day attacks, stress the danger they pose for computer security.
Cases Study: Code Red. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. Case Study: Code Red Author: Jedidiah.
Testing throughout Lifecycle Ljudmilla Karu. Verification and validation (V&V) Verification is defined as the process of evaluating a system or component.
Software Security Q: What does it mean to say that a program is secure? A: There is a sufficient amount of trust that the program maintains _____________,
HIPS. Host-Based Intrusion Prevention Systems  One of the major benefits to HIPS technology is the ability to identify and stop known and unknown attacks,
Buffer Overflow Defenses
SE-1021 Software Engineering II
CMSC 345 Defensive Programming Practices from Software Engineering 6th Edition by Ian Sommerville.
Buffer Overflow Defenses
Information Systems Development
Systems Analysis and Design
A Thread Relevant to all Levels of the EA Cube
IT Roles and Responsibilities
You Are Not Alone Architect Analyst Developer Manage Operations Tester
Lecture 09:Software Testing
Engineering Secure Software
Quiz: Buffer Overflow Causes
Case Study: Code Red Author: Jedidiah R. Crandall,
Buffer Overflow Defenses
Systems Construction and Implementation
Systems Construction and Implementation
Preventing Buffer Overflows (for C programmers)
Presentation transcript:

Software Engineering Lifecycle. ©2002. Jan G. Hogle, Susan L. Gerhart. Software Engineering Lifecycle Authors: Jan G. Hogle, Susan Gerhart This Document was Funded by the National Science Foundation Federal Cyber Service Scholarship For Service Program: Grant No Distributed July 2002 Embry-Riddle Aeronautical University Prescott, Arizona USA

Software Engineering Lifecycle. ©2002. Jan G. Hogle, Susan L. Gerhart. Software Engineering Lifecycle Click on the diagram sections to view a slide

Software Engineering Lifecycle. ©2002. Jan G. Hogle, Susan L. Gerhart. Academia produces students who: Aren't tuned into the dangers of buffer overflows Can't recognize a buffer overflow vulnerability when they see it, so they make the mistake in coding Are careless in their coding as well as inspection and testing tasks Are not made aware of buffer overflows by instructors or textbooks

Software Engineering Lifecycle. ©2002. Jan G. Hogle, Susan L. Gerhart. Managers, Developers and QA specialists iterate through cycles of detailed design and coding but... Employ poor coding and quality skills learned in school Are often forced to use low-level languages like C Use established programming techniques that are highly error-prone Fail to incorporate inspection and design techniques known to prevent and discover buffer overflow Run levels of code they can't control but which are riddled with buffer overflows

Software Engineering Lifecycle. ©2002. Jan G. Hogle, Susan L. Gerhart. Buffer Overflow Vulnerabilities not detected during development and QA get into products Vulnerable code slips through tests and inspection New products expose buffer overflows in old code from libraries and other vendors Proper use of products to avoid buffer overflows isn't known or documented

Software Engineering Lifecycle. ©2002. Jan G. Hogle, Susan L. Gerhart. An End User may find a Buffer Overflow unintentionally or may search for it An ordinary user may observe unusual activity or symptoms of buffer overflow Security shops like Eeye and university groups search for vulnerabilities by playing the role of attackers on new and old products

Software Engineering Lifecycle. ©2002. Jan G. Hogle, Susan L. Gerhart. An Attacker finds a way to force a buffer overflow to meet their purposes Attackers know common vulnerabilities of vendors and their products Attackers learn from the web and from each other how to make buffer overflows occur Attackers acquire ways to make buffer overflows lead to hijacking a system or planting seeds for future attacks

Software Engineering Lifecycle. ©2002. Jan G. Hogle, Susan L. Gerhart. When product users find a buffer overflow and alert authorities, a flurry of patching occurs: An alert goes to the vendor and official sites like cert.org A confirmation, analysis, and explanation goes out to vendors and users as an advisory

Software Engineering Lifecycle. ©2002. Jan G. Hogle, Susan L. Gerhart. The developer reaction team, security shop, and authorities issue a patch: Users of the product must install the patch to protect themselves and others Vendors issue multiple patches, often daily

Software Engineering Lifecycle. ©2002. Jan G. Hogle, Susan L. Gerhart. The development organization responds to the buffer overflow vulnerability by: Fixing the underlying code problem in its later versions Replacing patches with corrected code Improving develpment processes and tools to avoid similar buffer overflows

Software Engineering Lifecycle. ©2002. Jan G. Hogle, Susan L. Gerhart. There is no feedback to academia. If there were, it could: Make the pipeline of students more sensitive to buffer overflows Improve education and training materials - books, exercises, tools Encourage authors and instructors to raise the visibility of the buffer overflow problem Incorporate economic lessons of publicity and cost analyses from journalists and industry analysts

Software Engineering Lifecycle. ©2002. Jan G. Hogle, Susan L. Gerhart. About this Project This presentation is part of a larger package of materials on buffer overflow vulnerabilities, defenses, and software practices. For more information, go to: Also available are: –Demonstrations of how buffer overflows occur (Java applets) –PowerPoint lecture-style presentations on an introduction to buffer overflows, preventing buffer overflows (for C programmers), and a case study of Code Red –Checklists and Points to Remember for C Programmers –An interactive module and quiz set with alternative paths for journalists/analysts and IT managers as well as programmers and testers –A scavenger hunt on implications of the buffer overflow vulnerability Please complete a feedback form at to tell us how you used this material and to offer suggestions for improvements.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.