Special Topics: Program Analysis and Security
Lecture 13

• Software Security Basic Principles: https://nebelwelt.net/teaching/18-527-SoftSec/slides/03-basic_principles.pdf
• Memory attacks: http://www.cs.columbia.edu/~suman/security_arch/memory_attacks.pdf
• Smashing the Stack for Fun and Profit: https://insecure.org/stf/smashstack.html
• Stack smashing Tutorial:
  1. https://blog.techorganic.com/2015/04/10/64-bit-linux-stack-smashing-tutorial-part-1/
  2. https://blog.techorganic.com/2015/04/21/64-bit-linux-stack-smashing-tutorial-part-2/
  3. https://blog.techorganic.com/2016/03/18/64-bit-linux-stack-smashing-tutorial-part-3/
• Practice labs: http://csapp.cs.cmu.edu/3e/labs.html

https://www.cs.columbia.edu/~suman/6183_slides/program-tools.pdf

Good overview of soundness/completeness and the range of analyses: http://www.pl-enthusiast.net/2017/10/23/what-is-soundness-in-static-analysis/

Fuzz testing: https://www.fuzzingbook.org