Software Security Projects: pentesting and static analysis
Project 1 had the goal of understanding the principles of (black-box) Security Testing and Correctness of Software.
- Phase 1: an application was analysed, its vulnerabilities were identified, and Proofs of Concept (PoCs) were provided that demonstrate the presence of the identified vulnerabilities.
- Phase 2: the source code of the application was provided, and the issues found in Phase 1 were addressed and fixed.
Project 2 had the goal of understanding the problem "Discovering vulnerabilities in JavaScript web applications".
- Part 1: a static analysis tool was developed and evaluated for identifying data and information flow violations in a program, i.e. flows that are not protected.
- Part 2: the tool was analysed, and a report was written describing how it works, together with its strengths and limitations.