Agenda (Time / Subject / Expert / Remarks)

Time: 9:00-10:00
Subject: Secure programming in Perl, Python and shell scripting languages
Expert: ŁC (author), TN (speaking), GF (demo)
Remarks: A general review of the most significant bad and good programming practices in the mentioned languages. The presentation will cover only the most significant practices and will not be as extensive as the Java or C parts. The slot will include a demo of the Perl::Critic source code analyser.

Time: 10:00-10:30
Subject: Introduction to code review strategies and techniques
Expert: GF
Remarks: A comparison of manual and automated code analysis. Basic information (with examples) on the manual source code review strategies: Code Comprehension, Candidate Point, Design Generalization. Code Auditing Tactics. An exercise will be included.

Time: 10:30-11:00
Subject: From riddle to Heartbleed – catch the bug!
Expert: GF, ?
Remarks: Several exercises in analysing fragments of source code and looking for security bugs. Simple exercises may be prepared, and real, well-known bugs will also be analysed (e.g. OpenSSL Heartbleed). The detailed contents may depend on the programming language preferences chosen by the attendees in the registration form.

Short break, 15 min (11:00-11:15): preparation for the demos and workshop.

Time: 11:15-11:45
Subject: Review of the most up-to-date free static source code analysers for C, Java and PHP
Expert: GF, TN
Remarks: A short review of currently available free static source code analysers for C, Java, and PHP (extended compared with previous SCTs).

Time: 11:45-12:45
Subject: Workshop: automated source code analysis
Expert: GF, TN
Remarks: Two code samples, one Java and one PHP, will be analysed with automated scanners. The set of returned results will be examined, including the detection of false positives. Different configuration options of the tools will be tried. The source code will be repaired and the tools will be re-run.

Time: 12:45-13:00
Subject: Closing of the training
Expert: GF
Remarks: Summary. Filling in the evaluation forms. Prize for the smartest participant, who scores the most points during the exercises (or wins the most difficult contest).

Points to be discussed

  • Registration
  • Feedback
  • Extra topics