Securing your network is not enough. Every service that you deploy is a window into your data center from the outside world—a window that could be exploited by an attacker. Bart Miller and Elisa Heymann explain how to minimize the security flaws in the software you develop or manage.
Bart and Elisa focus on the programming practices that can lead to security vulnerabilities and automated tools for finding security weaknesses. Using interactive secure coding quizzes—synthesized versions of vulnerabilities found in real grid/cloud software—you’ll be challenged to find as many vulnerabilities as you can in short code fragments. Bart and Elisa then dive into what you find (or don’t).
Barton Miller is a professor of computer sciences at the University of Wisconsin, the chief scientist for the DHS Software Assurance Marketplace research facility, and software assurance lead on the NSF Cybersecurity Center of Excellence. Bart also codirects the MIST software vulnerability assessment project in collaboration with his colleagues at the Autonomous University of Barcelona and leads the Paradyn Parallel Performance Tool project, which is investigating performance and instrumentation technologies for parallel and distributed applications and systems. In 1988, Bart founded the field of fuzz random software testing—the foundation of many security and software engineering disciplines—and in 1992, working with his then-student Jeffrey Hollingsworth, founded the field of dynamic binary code instrumentation and coined the term “dynamic instrumentation,” which forms the basis for his current efforts in malware analysis and instrumentation. His research interests include systems security, binary and malicious code analysis and instrumentation of extreme-scale systems, parallel and distributed program measurement and debugging, and mobile computing. Bart’s research is supported by the US Department of Homeland Security, the Department of Energy, the National Science Foundation, NATO, and various corporations.
Elisa Heymann is a senior scientist within the NSF Cybersecurity Center of Excellence at the University of Wisconsin and an associate professor at the Autonomous University of Barcelona, where she codirects the MIST software vulnerability assessment. Elisa was also in charge of the Grid/Cloud Security Group at the UAB and participated in two major European grid projects: EGI-InSPIRE and the European Middleware Initiative (EMI). Elisa’s research interests include security and resource management for grid and cloud environments. Her research is supported by the NSF, the Spanish government, the European Commission, and NATO.
©2017, O'Reilly Media, Inc. • (800) 889-8969 or (707) 827-7019 • Monday-Friday 7:30am-5pm PT • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. • firstname.lastname@example.org