This section presents training material that has been used within the STANCE project to train partners on fundamental topics.
These cover the following topics:
The complete material is project-confidential and the reader will find on this page some excerpts of the training courses held internally.
Accessing the complete videos requires an agreement with the project's partners. Please use the Contact page for this purpose.
Code Vulnerabilities and Exploitation

The training gave an insight into the typical security-relevant C/C++ programming bugs and common security vulnerabilities, such as different types of buffer overflows and their exploitation, integer handling problems, the printf format string bug, the Unicode bug, covert channel attacks, etc. Comprehension of the associated risks was reinforced by carrying out the attacks together with the participants. The specific protection measures were introduced along with the secure coding guidelines.
In this 5-minute video, Bart Jacobs, researcher at KU Leuven and lead developer of the VeriFast modular verification tool for C and Java programs, briefly introduces the VeriFast tool.
The course introduced the most frequent and severe programming flaws of the Java language and platform, dealing with both language-specific issues and the problems stemming from the runtime environment. Gaining experience in using security components and understanding of different security-relevant bugs - both in the Web domain and the desktop domain - was supported by a number of hands-on exercises through which participants could try out the discussed issues for themselves. While Java is considered to be a safe platform, the course made it clear that there is still much to be aware of.
This video briefly presents a preliminary version of Gena-Taint, a new Frama-C plug-in developed in STANCE that implements a security taint analysis on source code.
This R&D prototype is still under development and is being tried out on some STANCE use cases to detect potentially tainted data flows used by vulnerable functions.