forked from HugoBlox/theme-academic-cv
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Anna
committed
Jun 3, 2023
1 parent
0b9af86
commit cafa21f
Showing
7 changed files
with
172 additions
and
27 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -5,7 +5,7 @@ | |
|
|
||
| # Appearance | ||
|
|
||
| theme: wak | ||
| theme: classic | ||
| day_night: true | ||
| font: 'Rose' | ||
| font_size: L | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,75 @@ | ||
| --- | ||
| # Documentation: https://wowchemy.com/docs/managing-content/ | ||
|
|
||
| title: "Workshop: Application Security @ GopherCon" | ||
| event: "GopherCon 2022" | ||
| event_url: "https://gophercon.com" | ||
| location: "Online [Workshop]" | ||
| address: | ||
| street: | ||
| city: | ||
| region: | ||
| postcode: | ||
| country: | ||
| summary: | ||
| abstract: "## Description | ||
| This workshop is for all gophers who not only want to build cool applications, but also want to include security into them. Application security is a complex topic and can be hard to get into, so we will start by taking the first steps into the rabbit hole of (Go) security. Together, we will start with a very simple web application, learn basic security concepts, and focus on how to reinforce our application against attacks in an easy way. To achieve this goal, Anna-Katharina will explain the necessary information of an attack to conduct it. Once you find the vulnerability, we will work together to fix the issue and move forward. By the end of the workshop, you will have a simple web application that is protected against basic web security attacks, like CSRF or SQL Injection, and supply chain attacks. | ||
| ## What a student is expected to learn | ||
| Students will learn how to reinforce a simple (web) application in Go against basic web security attacks (e.g. CSRF), and pin their dependencies to avoid supply chain attacks. Furthermore, a student will have the chance to run a static analysis against their code base to check for some of the vulnerabilities. During the workshop, every student will be challenged to reflect on their code and understand the diversity and complexity of security. | ||
| ## Prerequisites | ||
| A basic understanding of the Go programming language. Students do not have to be expert Go users, but they are expected to have completed the majority of the Go Tour. An understanding of the basics of web applications is advantageous to easily dig into the code base." | ||
|
|
||
| # Talk start and end times. | ||
| # End time can optionally be hidden by prefixing the line with `#`. | ||
| date: 2022-10-06T00:00:00+00:00 | ||
| # date_end: 2022-05-16T21:56:12+02:00 | ||
| all_day: true | ||
|
|
||
| # Schedule page publish date (NOT event date). | ||
| publishDate: 2022-09-20T20:56:12+02:00 | ||
|
|
||
| authors: [anna] | ||
| tags: [security, golang, GopherConEU, workshop, SQLInjection, misc] | ||
|
|
||
| # Is this a featured event? (true/false) | ||
| featured: true | ||
|
|
||
| # Featured image | ||
| # To use, add an image named `featured.jpg/png` to your page's folder. | ||
| # Focal points: Smart, Center, TopLeft, Top, TopRight, Left, Right, BottomLeft, Bottom, BottomRight. | ||
| image: | ||
| caption: "" | ||
| focal_point: "" | ||
| preview_only: false | ||
|
|
||
| # Custom links (optional). | ||
| # Uncomment and edit lines below to show custom links. | ||
| # links: | ||
| # - name: Follow | ||
| # url: https://twitter.com | ||
| # icon_pack: fab | ||
| # icon: twitter | ||
|
|
||
| # Optional filename of your slides within your event's folder or a URL. | ||
| url_slides: | ||
|
|
||
| url_code: | ||
| url_pdf: | ||
| url_video: | ||
|
|
||
| # Markdown Slides (optional). | ||
| # Associate this event with Markdown slides. | ||
| # Simply enter your slide deck's filename without extension. | ||
| # E.g. `slides = "example-slides"` references `content/slides/example-slides.md`. | ||
| # Otherwise, set `slides = ""`. | ||
| slides: "" | ||
|
|
||
| # Projects (optional). | ||
| # Associate this post with one or more of your projects. | ||
| # Simply enter your project's folder or file name without extension. | ||
| # E.g. `projects = ["internal-project"]` references `content/project/deep-learning/index.md`. | ||
| # Otherwise, set `projects = []`. | ||
| projects: [] | ||
| --- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| @article{wickert2022tofixornottofix, | ||
| title={To Fix or Not to Fix: A Critical Study of Crypto-misuses in the Wild}, | ||
| author={Wickert, Anna-Katharina and Baumg{\"a}rtner, Lars and Schlichtig, Michael and Narasimhan, Krishna and Mezini, Mira} | ||
| year={2022}, | ||
| note={accepted at TRUSTCOM'22}, | ||
| pages={8} | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,86 @@ | ||
| --- | ||
| title: "To Fix or Not to Fix: A Critical Study of Crypto-misuses in the Wild" | ||
|
|
||
| # Authors | ||
| # If you created a profile for a user (e.g. the default `admin` user), write the username (folder name) here | ||
| # and it will be replaced with their full name and linked to their profile. | ||
| authors: | ||
| - anna | ||
| - Lars Baumgärtner | ||
| - Michael Schlichtig | ||
| - Krishna Narasimhan | ||
| - Mira Mezini | ||
|
|
||
|
|
||
| date: "2022-10" | ||
| #doi: "" | ||
|
|
||
| # Schedule page publish date (NOT publication's date). | ||
| publishDate: "2022-09-20T00:00:00Z" | ||
|
|
||
| # Publication type. | ||
| # Legend: 0 = Uncategorized; 1 = Conference paper; 2 = Journal article; | ||
| # 3 = Preprint / Working Paper; 4 = Report; 5 = Book; 6 = Book section; | ||
| # 7 = Thesis; 8 = Patent | ||
| publication_types: ["1"] | ||
|
|
||
| # Publication name and optional abbreviated publication name. | ||
| publication: In *2022 IEEE 21th IEEE International Conference on Trust, Security and Privacy in Computing and Communications* | ||
| publication_short: In *TRUSTCOM'22* | ||
|
|
||
| abstract: Recent studies have revealed that 87 % to 96 % of the Android apps using cryptographic APIs have a misuse which may cause security vulnerabilities. As previous studies did not conduct a qualitative examination of the validity and severity of the findings, our objective was to understand the findings in more depth. We analyzed a set of 936 open-source Java applications for cryptographic misuses. Our study reveals that 88.10 % of the analyzed applications fail to use cryptographic APIs securely. Through our manual analysis of a random sample, we gained new insights into effective false positives. For example, every fourth misuse of the frequently misused JCA class MessageDigest is an effective false positive due to its occurrence in a non-security context. As we wanted to gain deeper insights into the security implications of these misuses, we created an extensive vulnerability model for cryptographic API misuses. Our model includes previously undiscussed attacks in the context of cryptographic APIs such as DoS attacks. This model reveals that nearly half of the misuses are of high severity, e.g., hard-coded credentials and potential Man-in-the-Middle attacks. | ||
|
|
||
| # Summary. An optional shortened abstract. | ||
| # summary: Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis posuere tellus ac convallis placerat. Proin tincidunt magna sed ex sollicitudin condimentum. | ||
|
|
||
| tags: [cryptography, API misuse, static analysis, false positives] | ||
|
|
||
| # Display this page in the Featured widget? | ||
| featured: false | ||
|
|
||
| # Custom links (uncomment lines below) | ||
| # links: | ||
| # - name: Custom Link | ||
| # url: http://example.org | ||
|
|
||
| url_pdf: '' | ||
| url_code: '' | ||
| url_dataset: 'https://doi.org/10.6084/m9.figshare.21178243' | ||
| url_poster: '' | ||
| url_project: '' | ||
| url_slides: '' | ||
| url_source: '' | ||
| url_video: '' | ||
|
|
||
| # Featured image | ||
| # To use, add an image named `featured.jpg/png` to your page's folder. | ||
| # image: | ||
| # caption: 'The overview slide from the presentation presenting an insecure code example, the approach to create the data set, the evaluation results, and future research ideas as well as the URL to the data set.' | ||
| # focal_point: "" | ||
| # preview_only: false | ||
|
|
||
| # Associated Projects (optional). | ||
| # Associate this publication with one or more of your projects. | ||
| # Simply enter your project's folder or file name without extension. | ||
| # E.g. `internal-project` references `content/project/internal-project/index.md`. | ||
| # Otherwise, set `projects: []`. | ||
| # projects: | ||
| # - example | ||
|
|
||
| # Slides (optional). | ||
| # Associate this publication with Markdown slides. | ||
| # Simply enter your slide deck's filename without extension. | ||
| # E.g. `slides: "example"` references `content/slides/example/index.md`. | ||
| # Otherwise, set `slides: ""`. | ||
| # slides: example | ||
|
|
||
| # {{% callout note %}} | ||
| # Click the *Cite* button above to demo the feature to enable visitors to import publication metadata into their reference management software. | ||
| # {{% /callout %}} | ||
| # | ||
| # {{% callout note %}} | ||
| # Create your slides in Markdown - click the *Slides* button to check out the example. | ||
| # {{% /callout %}} | ||
| # | ||
| # Supplementary notes can be added here, including [code, math, and images](https://wowchemy.com/docs/writing-markdown-latex/). | ||
| --- |