Tema 2 - Vulnerabilidades software

• software seguro /ppt
• sql injection:
  • http://sqlidemo.altervista.org/ /demo /video
  • SQLi demo /ppt
  • SQLi demo /demo /zip
  • https://www.youtube.com/watch?v=TlTMDw1KD_8 /demo /video
• os injection:
  • osi_2.mp4 /demo /video
  • https://www.youtube.com/watch?v=aFUZLA0f2KE /demo /video
• buffer overflow:
  • stack smash /ppt
  • stack_smash.mp4 /video
• XSS - cross site scripting:
  • stored (persistent) /video
  • reflected /video
  • DOM-based /video
• CSRF - cross-site request forgery
  • CSRF /video

Entornos aprendizaje

• WebGoat: https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
• DVWA: http://www.dvwa.co.uk

• ZAP: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

Libros

• "24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them." M. Howard et al. McGraw-Hill Education (2009)

• "19 Deadly Sins of Software Security: Programming Flaws and How to Fix Them (Security One-off)." M. Howard et al. McGraw-Hill (2005)

• "The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws." D. Stuttard. Wyley India; 2nd. ed. (2011)

• "Software Security. Building security in." G. McGraw. Addison-Wesley (2006)

Documentos

• NISTIR 8151 - Dramatically Reducing Software Vulnerabilities. Report to the White House Office of Science and Technology Policy. Draft, Oct. 2016. http://csrc.nist.gov/publications/PubsDrafts.html#NIST-IR-8153

Sites

• 2011 CWE/SANS Top 25 Most Dangerous Software Errors. http://cwe.mitre.org/top25/

• CERN. Static Code Analysis Tools. https://security.web.cern.ch/security/recommendations/en/code_tools.shtml