{"id":16659118,"url":"https://github.com/agroce/naucs499sp18","last_synced_at":"2025-05-13T03:31:12.411Z","repository":{"id":90292737,"uuid":"119717393","full_name":"agroce/naucs499sp18","owner":"agroce","description":"CS 499: Software Security, Spring 2018","archived":false,"fork":false,"pushed_at":"2024-10-15T17:38:29.000Z","size":7355,"stargazers_count":4,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-01T15:48:42.206Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/agroce.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-01-31T17:07:34.000Z","updated_at":"2024-10-15T17:38:32.000Z","dependencies_parsed_at":null,"dependency_job_id":"3ee6662d-29d6-4fdd-aecd-39e1aa09987a","html_url":"https://github.com/agroce/naucs499sp18","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agroce%2Fnaucs499sp18","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agroce%2Fnaucs499sp18/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agroce%2Fnaucs499sp18/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agroce%2Fnaucs499sp18/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/agroce","download_url":"https://codeload.github.com/agroce/naucs499sp18/tar.gz/refs/heads/master",
"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253867471,"owners_count":21976232,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-12T10:23:53.834Z","updated_at":"2025-05-13T03:31:07.396Z","avatar_url":"https://github.com/agroce.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"CS 499: Software Security, Spring 2018\n\nPROF: Alex Groce (github or my web page at https://agroce.github.io will give the scoop on me, Google Scholar can tell you most of what I \"do\")\n\nOFFICE HOURS:  Wed 12:15pm, SICCS 208\n\nClass discussion via slack, assignments submitted via email drop posted in slack\n\n3 assignments + 1 in-class test (25% of grade each)\n\nLIVING SYLLABUS:\n\n- Intro to Software Security (READ ANDERSON)\n  - Security is about CIA\n    - Confidentiality\n    - Integrity\n    - Availability\n    - (of information)\n  - Security is often about BUGS\n  - A bug + a motive = probability of trigger being low no longer helps\n- Protocols, key/encryption as black box basics\n  - Needham-Schroeder Public Key weakness\n  - Protocol fuzzing\n- Static analysis\n  - Basics: dead code, crying wolf, prioritizing warnings, pointers are hard\n  - Chess and McGraw overview\n  - Comparing Python tools (picky configurable pylint vs. friendly pyflakes)\n  - Uno:  uninitialized variables, null pointers, out-of-bounds access\n    - Basic dataflow\n    - Automata composition to find def-use\n  - Building a simple static analysis tool\n    - Parse\n    - Build annotated CFG\n    - Walk the annotated CFG\n\n    - Reporting warnings more succinctly\n    - Limiting depth to which loops are unwound\n\n    - Taint analysis\n      - Simple version of SQL injection\n    - Side channels\n\n- Dynamic analysis\n  - Intro to afl-fuzz\n  - Intro to TSTL (library testing)\n\n  - Grammar-based fuzzing and target selection criteria\n    - Solidity compiler example (fuzz in a way nobody has fuzzed before)\n    - Pick targets of actual value, for white hat or black hat purposes!\n\n  - Practical fuzzing combined with \"manual static analysis\"\n\n  - Building exploits\n\n  - Kinds of dynamic analysis (stuff to check for!) esp. useful in security\n    - \"Crashes\" (obviously)\n    - Memory safety more generally:  bad access without crash\n    - Taint\n    - Determinism\n    - Nondeterminism\n    - Race conditions\n\n  - SQL injection attacks\n    - Dynamic analysis paper, concolic testing, specialized queries, working backwards from a failure\n\nClass in a few whiteboards:\n\n![GONE!](https://github.com/agroce/naucs499sp18/blob/master/testreview/IMG_0288.jpg)\n\n![GONE!](https://github.com/agroce/naucs499sp18/blob/master/testreview/IMG_0289.jpg)\n\n![GONE!](https://github.com/agroce/naucs499sp18/blob/master/testreview/IMG_0291.jpg)\n\n![GONE!](https://github.com/agroce/naucs499sp18/blob/master/testreview/IMG_0292.jpg)\n\n![GONE!](https://github.com/agroce/naucs499sp18/blob/master/testreview/IMG_0293.jpg)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fagroce%2Fnaucs499sp18","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fagroce%2Fnaucs499sp18","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fagroce%2Fnaucs499sp18/lists"}