Projects
PA193 – Secure coding
Petr Švenda, Zdeněk Říha
Faculty of Informatics, Masaryk University, Brno, CZ

Projects – second part
• Section A – Code review of the source code of your colleagues – 10 points
• Section B – Code check of an open source project – 10 points
• Both sections presented in last seminar

Section A
• Take the code of your colleagues
  – The code is available in IS
• Review the code
• Try to attack the code
  – i.e. find problematic inputs
• Your results:
  – Report – one page (A4) document
    • Deadline (IS submission): Dec 16, 2015 24:00
  – Presentation at the last seminar
    • By a random team member

Overview of groups

| Group | Members | Reviewed by | Part 1 |
|---|---|---|---|
| A | Dalei, Dilip Kumar Lambani, Gudani Prakash, Shubhendu | B | PCAP |
| B | Das, Manoja Kumar Singh, Harshit Kumar | C | MP3 |
| C | Paulík, Martin Mishra, Surya Prakash Goud, Bathini Shinivas | D | TAR GZ |
| D | Chandel, Sandeep Kumar Mnisi, Verah Tsakani Pal, Rajesh Kumar | A | bibtex (.bib) |
| E | x | | |
| F | Bhattacharya, Tanay Mmokwa, Aobakwe Alloycius Vishwakarma, Deepak Kumar | G | BMP |
| G | Bishoi, Susil Kumar Laštovička, Martin | H | HTML5 |
| H | Haran, Himanshu Kumar Nengwenani, Mpho Cavin Yadav, Ravi Shankar | I | Intel hex |
| I | Haware, Ameet Kumar Tamrakar, Neelesh Kumar | F | GIF |
| J | x | | |
| K | Babej, Tomáš Šuška, Boris Wittner, Rudolf | L | XML in UTF8 |
| L | Bartoš, Milan Kotvan, Peter Plch, Matěj | M | JSON for Docker Image Specs |
| M | Melšová, Zuzana Možucha, Jakub Švábenský, Valdemar | N | JPG |
| N | Gajdár, Michal Kollár, Roman | K | X.509 cert in DER |
| O | Baesso, Andrea Horák, Martin Nutár, Ivo | P | PNG |
| P | Bustreo, Paolo Komárek, David Viluda, Ľubomír | R | JSON for floorball |
| R | Kuníková, Lenka Mosnáček, Ondrej Obrátil, Ľubomír | O | iCalendar |

Section B
• Code checking
  – Select a project from SourceForge, GitHub or Codeplex
    • min. 50k lines of code
    • write your decision to zriha@fi.muni.cz and wait for approval
  – Check with Cppcheck and/or PREFast and other suitable tools
  – Report
    • max. 2 pages A4
    • Deadline (IS submission): Dec 16, 2015 24:00
  – Presentation
    • By a random team member

Project reports
• Join the seminar group as usual
• Presentations: 5 minutes (sharp) each section
  – By a random team member
• NEW: PPT or PDF slides allowed
  – Upload into IS together with other files in advance
• Deadline Dec 16 by 24:00 to put files into the IS
  – 1 page A4 from section A
    • What tests did you perform (automated tests, manual review), what did you focus on, what did you find out.
  – 1-2 pages A4 for report from section B
    • What project you reviewed, what does the SW do, which tools you used, what are your results, did you provide feedback to the developers?