↗ The Essence of Computing - Programs & The Semantics of Programs
↗ Software Testing ↗ Vulnerability Exploration (Vulnerability Exploitation)
↗ Operating System & OS Kernel (Theory Part) ↗ Operating Systems & Kernels (Engineering Part)
↗ AI4Security ↗ LLM For Security
https://nebelwelt.net/SS3P/
Welcome to Software Security: Principles, Policies, and Protection (SS3P), a free book about software security. SS3P focuses on basic software security principles; secure software development from design through implementation to testing; software security policies (with a focus on memory- and type-unsafe languages like C/C++); defense strategies with a focus on verification, testing, and mitigation; attack vectors; and reverse engineering. The chapters are augmented with several case studies.
This book is, was, and always will be free and openly accessible. If you reference the book, please link to this page, the SS3P PDF, or SS3P epub so that your readers will always get the most recent version.
Topics
- Software and System Security Principles: from the basic properties used to assess the security of a system (Confidentiality, Integrity, and Availability) to Isolation, Least Privilege, Compartmentalization, and Threat Modeling, with a brief discussion of the difference between bugs and vulnerabilities.
- Secure Software Life Cycle: integrating security into the design, implementation, and testing of a software project, and continuously tracking a software's security properties throughout the lifetime of the project.
- Memory and Type Safety: the two core policies whose violation causes the majority of exploitable vulnerabilities on current systems. Understand the definitions and their implications for performance and security.
- Attack Vectors: understand the goals of an attacker and how these goals may be achieved starting from a program crash.
- Defense Strategies: verify where the complexity of the code is manageable, test as much as you can, and leverage mitigations to constrain the attacker on the remaining attack surface.
- Case Studies: end-to-end discussion of web security (including the browser security model) and mobile security.
- Appendix: discussion of shellcode development and reverse engineering.
↗ Software (Program) Techniques & Binary Engineering ↗ Program Analysis Basics