1. Software Security Lecture 10 Fang Yu Dept. of MIS, National Chengchi University Spring 2011

2. Announcement  Project meeting with your professor:  One hour meeting with me at my office 150409 (Health Center 4F)  All the team members need to attend  Please prepare slides to present your ideas  I will give you my feedback on your proposal  Available slots:  This Friday 8:00~4:00

3. Project teams (Schedule)  Anthony Cimo, Alexis Kirat, Kuan-Ming Chen and I-Yang Dong (Friday, 8:00-9:00)  Juilette Maxime Lessing, Hsing Huang and Chen-Yi Yang  Jorina van Malsen, Eric Huang and Ruei- Chen Dai (Friday, 3:00-4:00)  Adam Fremd, Vincent Liou and Ruei-Jiun Liang (Monday, 8:00-9:00)

4. Outline  Today, we will have Chen Yi presenting the last book chapter: Detect Vulnerabilities in Source Code (Chapter 18)  We will also have two paper presentations:  Kuan-Ming leads the discussion: Detection and Analysis of Drive-by-Download Attacks and Malicious JavaScript Code. (Security lab@UCSB) You can find the tool Wepawet here. http://wepawet.iseclab.org/http://wepawet.iseclab.org/  Eric leads the discussion on: Toward Automated Detection of Logic Vulnerabilities in Web Applications. (Security lab@UCSB)

5. Next Week  We will videotape the class  I will present my paper “Patching Vulnerabilities with Sanitization Synthesis”  I will also introduce to you our tool “Stranger”  We will also have two paper discussions: (1) Static Detection of Security Vulnerabilities in Scripting Languages (by Alex) and (2) Static Detection of Cross-site Scripting Vulnerabilities (by Juliette Lessing)