Software Vulnerabilities
Objectives
Learn the following concepts:
Various software vulnerabilities
Various buffer overflows (stack, heap, BSS)
Format strings
Integer overflow
SUID programs
Return-oriented programming
Static analysis undefined behavior
Countermeasures (control-flow integrity, etc.)
OpenBSD
Description
The objective of this course is to introduce students to the types of software vulnerabilities that are frequently encountered, especially in programs written in C, the language used in this course. The usual memory protection countermeasures against these types of vulnerabilities are also presented.
At the end of this course, the student will be able to analyze a program and judge its security level with respect to the software vulnerabilities presented in this course. The student will be able to identify the tests to perform to reveal the existence of a software vulnerability, to compare different countermeasures, to identify the one most suitable for correcting a vulnerability, and to implement it.
Finally, good development practices for security are presented. Using OpenBSD as a case study, students learn, for example, which architectural choices are sound and which functions of the standard C library to use or avoid.