Introduction
Lecture
- Intro slides
- Vulnerability disclosure and ethics slides
Homework
The homework for this section is related to vulnerability disclosure and attempts to get students to think about the larger picture of how vulnerabilities are used in a modern context. To that end, students must answer the following questions about a hypothetical vulnerability they have identified in a real application.
- For what reasons would you want to post details of the vulnerability on the internet, either without notifying the vendor or before they were able to issue a patch?
- For what reasons would you want to notify the vendor and refuse to release public details of the vulnerability until either the patch is released or some time afterward?
- Identify a previously reported vulnerability in the application you picked and describe who found it, how it was reported, and a timeline of major events about it.
- How does this vendor accept reports of vulnerability information? What is their established process for dealing with vulnerabilities (if any)?
Required Reading
- Watch two intro videos about intrusions performed via web application and client-side flaws
- Jon Cran's slides from ISU
Archive
Fall 2010
- My slides and Jon Cran's slides from ISU
- Intro videos about intrusions performed via web application and client-side flaws
Fall 2009
The demo from this presentation is documented in the blog entries, Patching and Hooking Students.
Spring 2009
This is the intro material I recorded for the Fall 2008/Spring 2009 class.