search

OpenSecEd / software

A course module on Software Security
2 stars 1 forks source link

Interesting material #6

Open dbosk opened 8 years ago

dbosk commented 8 years ago

The people in Chalmers does interesting stuff on software security, specifically language related. Links to interesting material can be found here.

dbosk commented 7 years ago

Formal verification of computer systems covered at Marktoberdorf.

dbosk commented 7 years ago

Secure integration of multiprotocol instant messenger

@INPROCEEDINGS{8001210,
author={S. Bala and T. Wasilczyk},
booktitle={2017 IEEE International Conference on INnovations in Intelligent SysTems and Applications (INISTA)},
title={Secure integration of multiprotocol instant messenger},
year={2017},
pages={495-500},
abstract={Pidgin communicator is a multiprotocol instant messenger client, developed by open source community. It was originally a third party client of AIM (AOL Instant Messenger) protocol for Linux operating system founded in 1998. At present, its main goal is to provide common interface for every protocol it supports, so the user does not need care about protocol to use or peer's IM identifier, while he just want to talk with a Bob. The work focuses mainly on security and functionality aspects like password storage strategies, integration with plugins which provide privacy of communication. This paper shares experiences has been gained during the process of developing and replacement of existing code for version of Pidgin 3.0.0. The project realizes the list of suggestions, mainly concerning security, which has been created after code review and provide some new technical solutions that can be implemented in the future versions.},
keywords={Linux;protocols;public domain software;security of data;social networking (online);AIM;AOL instant messenger;Linux operating system;Pidgin 3.0.0;Pidgin communicator;multiprotocol instant messenger client;open source community;peer IM identifier;Encryption;Instant messaging;Libraries;Protocols;Servers;Software;instant messaging;libpurple library;off-the-record;password storage;software integration},
doi={10.1109/INISTA.2017.8001210},
month={July},}
dbosk commented 5 years ago

https://www.theregister.co.uk/2019/09/18/the_25_most_dangerous_software_weaknesses/

dbosk commented 5 years ago

https://help.github.com/en/articles/configuring-automated-security-fixes

dbosk commented 5 years ago

Vulnerable code snippets on stack overflow https://nakedsecurity.sophos.com/2019/10/09/copy-and-paste-sharing-on-stack-overflow-spreads-insecure-code/

dbosk commented 2 years ago

A Look at iMessage in iOS 14