What to bring:
Students must bring their own laptop with Mono 1.1.10 (http://www.mono-project.com) installed on their Windows or Linux machines for the coding aspect of the class if they want to participate. Participation in coding is not required.
Static analysis of code is a hot topic right now, but how does it work? How does it not work? How does one evaluate a static analysis tool for effectiveness? This course, taught by implementors of these technologies, will introduce students to static analysis concepts and their application through lecture and programming exercises. Whether you are deeply technical and are interested in creating tools, or not as technical and want an advantage over vendors and consultants selling these capabilities, this class will give you what you need.
Prerequisites:
C/C++/C#/Java programming knowledge required; knowledge of one assembly language (x86, SPARC, Java, etc.) recommended but not required. Familiarity with compiler design concepts a plus.
The student should have an understanding of most of the following concepts and technologies:
- reading any platform's assembly language
- application security vulnerabilities (overflows, SQL injection, etc.)
- insecure coding bugs that lead to vulnerabilities
Users should have Mono 1.1.10 (http://www.mono-project.com) installed on their Windows or Linux machines for the coding aspect of the class if they want to participate. Participation in coding is not required.
Trainer:
Matt Hargett has over 8 years of experience in various aspects of network and application security, from managing product development to finding a broad range of exploitable bugs in operating systems and applications. Most recently, he created the product BugScan, which analyzed binaries for, and found several, novel exploitable security vulnerabilities. He is now working to educate security researchers and practitioners on applying public research and information toward building and evaluating static analysis tools and products.