This lecture explores important terminology such as vulnerability, exploit and ‘0day’. It considers the lifecycle of vulnerabilities and discusses responsible disclosure. It explores the use of code reviews, checklists and dedicated security analysis tools to identify vulnerabilities in source code. It also discusses why security testing is different from normal functional testing of software, and how software development processes can be modified to avoid introducing vulnerabilities in the first place.

• Lecture video
• Slides (PDF)
• Code examples
• Other resources:
  • Common Vulnerabilities and Exposures, the authoritative numbered list of public vulnerabilities
  • Common Weakness Enumeration: a community-developed list of vulnerability types
  • US-CERT, a US government-funded hub for cybersecurity information
  • UK’s National Cyber Security Centre
  • Flawfinder: a static analyser for C & C++, written in Python
  • RATS ‘Rough Auditing Tool for security’
  • Splint, a ‘secure programming lint’ (for C only)
  • FindSecBugs plug-in for the Java tool SpotBugs
  • Meta’s Infer & Pysa tools
  • Holodeck source code on GitHub
  • libfiu, a C library for fault injection in the POSIX API