This section shows training material that has been used within the STANCE project to train partners on fundamental topics.
These cover the following topics:

The complete material is project-confidential and the reader will find on this page some excerpts of the training courses held internally.
Accessing the complete videos requires an agreement with the project's partners. Please use the Contact page for this purpose.



Abstract interpretation of C Programs (presented by Franck Vedrine, CEA-LIST): 




Code vulnerabilities and exploitation (presented by Balàzs Kiss, SEARCH-LAB)

The training gave an insight into the typical security-relevant C/C++ programming bugs and common security vulnerabilities, such as different types of buffer overflows and their exploitation, integer handling problems, the printf format string bug, the Unicode bug, covert channel attacks, etc. Comprehension of the associated risks was reinforced by carrying out the attacks together with the participants. The specific protection measures were introduced along with the secure coding guidelines.



Introduction to static analysis and code verification (presented by Virgile Prevosto, CEA-LIST) 



VeriFast overview (presented by Bart Jacobs, KU Leuven)

In this 5-minute video, Bart Jacobs, researcher at KU Leuven and lead developer of the VeriFast modular verification tool for C and Java programs, briefly introduces the VeriFast tool.


Frama-C installation and overview (presented by Virgile Prevosto, CEA-LIST)



Frama-C plug-ins development (presented by Virgile Prevosto, CEA-LIST)



Introduction to ACSL (presented by Jens Gerlach, Fraunhofer)



Frama-C value analysis (presented by Virgile Prevosto, CEA-LIST)



Vulnerabilities of Java code (presented by Ernö Jegges, SEARCH-LAB)

The course introduced the most frequent and severe programming flaws of the Java language and platform, dealing with both language-specific issues and the problems stemming from the runtime environment. Gaining experience in using security components and an understanding of different security-relevant bugs - both in the Web domain and the desktop domain - was supported by a number of hands-on exercises through which participants could try out the discussed issues for themselves. While Java is considered to be a safe platform, the course made it clear that there is still much to be aware of.


The Frama-C deductive proof system (presented by Jens Gerlach, Fraunhofer)



Gena-Taint

This video briefly presents a preliminary version of Gena-Taint, a new Frama-C plug-in developed in STANCE that implements a security taint analysis on source code.
This R&D prototype is still under development and is being tried out on some STANCE use cases to detect potential tainted data flows used by vulnerable functions.




Cursor Method Presentation