Lecture 17: Managing & Avoiding Vulnerabilities

This lecture explores important terminology such as vulnerability, exploit and ‘0day’. It considers the lifecycle of vulnerabilities and discusses responsible disclosure. It explores the use of code reviews, checklists and dedicated security analysis tools to identify vulnerabilities in source code. It also discusses why security testing is different from normal functional testing of software, and how software development processes can be modified to avoid introducing vulnerabilities in the first place.