Software Vulnerabilities

In brief

  • Code : N9EN25A

Objectives

Learn the following concepts:

  • Various software vulnerabilities
      • various buffer overflows (stack, heap, BSS)
      • format strings
      • integer overflows
      • SUID programs
      • return-oriented programming
  • Static analysis undefined behavior
  • Countermeasures (control-flow integrity, etc.)
  • OpenBSD

Description

The objective of this course is to introduce students to the types of software vulnerabilities that are frequently encountered, especially in programs written in C, the language used in this course. The usual memory protection countermeasures against these types of vulnerabilities are also presented.

At the end of this course, students will be able to analyze a program and judge its security level with respect to the software vulnerabilities presented in the course. They will be able to identify the tests to perform to reveal the existence of a software vulnerability. They will also be able to compare different countermeasures, identify the one best suited to correcting a vulnerability, and implement it.

Finally, good development practices for security are presented. Using OpenBSD as a case study, students learn, for example, the right architectural choices and which functions of the standard C library to use or avoid.

Contact(s)

ALATA ERIC

Contact

The National Institute of Electrical engineering, Electronics, Computer science, Fluid mechanics & Telecommunications and Networks

2, rue Charles Camichel - BP 7122
31071 Toulouse Cedex 7, France

+33 (0)5 34 32 20 00
