Tuesday, August 30, 2011

CSSLP class - Implementation III and Review

I missed the beginning of this class because I had no internet access at home; thanks to hurricane Irene. I was able to wirelessly tether one of my old laptops to my Droid X phone and get access to the class around 1945; so 45 minutes into it. It just so happens that last week the power button on my current laptop broke, so I can't get it powered on. Furthermore, I forgot my work laptop at the office. So, multiple problems all coalessing.

Extra from our instructor Mr. Franke, at the beginning of class:

Mantra Security Toolkit - Free & Open Source Browser-Based Security Framework
www.darknet.org.uk/2011/01/mantra-security-toolkit-free-open-source-browser-based-security-framework

Also, he talked about the latest article that was front and center on the home page: WebSurgery - Web Application Security Testing Suite
http://www.darknet.org.uk/2011/08/websurgery-web-application-security-testing-suite/

Started at slide 13

Code Protection
  • Code Access Security
    • declarritive vs. programmatic or imperative
  • Anti-Tampering
Code Obfuscation

see www.9rays.net/Category/55-spicesnet-obfuscator.aspx

Reverse Engineering

Code Signing
- delayed signing

talked a little about the Android marketplace and malicious code

Mobile Code
  • protection
    • digital shrink-wrap (code signing)
    • sandboxing
    • DIACAP/STIG: APP3700-APP3750
Build Environment









Posted by at No comments:
Subscribe to: Posts (Atom)