Arsan Khan's ePortfolio

🤟 Thank you for exploring my projects! 💻

Software Security

13-09-2021

The software security module at the start of the second year focused on application attacks, how to identify them and how to mitigate them. We used a CLI-based tool to parse a script written in the C programming language; it identified potential vulnerabilities and also suggested what would be best to implement as a fix.

Similarly, a web application pentest was performed using OWASP ZAP. Compared with the CLI program flawfinder, it provided a comprehensive overview of the discovered web-based vulnerabilities and explained each one through the links in its report.

For both instances, I was also tasked with implementing the relevant mitigations, which ranged from using secure functions and libraries that were resistant to buffer overflows in the C program to a similar approach for the web application, remediating the potential clickjacking (XSS) vulnerabilities and cookie hijacking attacks (CSRF).
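As an added illustration of the buffer-overflow mitigation described above (my own example, not code from the module or from flawfinder), the block below places the unbounded copy that flawfinder flags next to two bounded replacements: a checked copy that always NUL-terminates and refuses input that does not fit, and a snprintf call whose return value is checked for truncation. The function names, the buffer size and the sample strings are constructed for this example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* constructed buffer size for the example */

/* The defect flawfinder reports: strcpy copies until it finds a NUL in src and
 * ignores the size of dst, so any input of NAME_LEN bytes or more overruns the
 * stack buffer. Kept here only for contrast; main() never passes it oversized input. */
void unsafe_copy(const char *src)
{
    char name[NAME_LEN];
    strcpy(name, src);            /* unbounded copy: flagged as a buffer overflow risk */
    printf("unsafe_copy: %s\n", name);
}

/* Bounded replacement (hypothetical helper name). Copies src into dst, which has
 * dst_size bytes of capacity, and always leaves dst NUL-terminated. Returns false
 * when src (plus its terminator) would not fit; in that case nothing beyond
 * dst_size is ever touched and dst is set to an empty string so callers never
 * read a half-copied value. */
bool safe_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return false;

    /* Bounded scan: never look further than dst_size bytes into src. */
    size_t n = 0;
    while (n < dst_size && src[n] != '\0')
        n++;

    if (n == dst_size) {          /* no room left for the terminator */
        dst[0] = '\0';
        return false;
    }
    memcpy(dst, src, n + 1);      /* n characters plus the NUL */
    return true;
}

/* Formatting into a fixed buffer with snprintf (hypothetical helper name).
 * snprintf never writes past dst_size, but it returns the length it *would*
 * have produced, so a result >= dst_size means the output was truncated. */
bool format_user_line(char *dst, size_t dst_size, const char *name)
{
    int needed = snprintf(dst, dst_size, "user=%s", name);
    if (needed < 0)
        return false;             /* encoding error */
    return (size_t)needed < dst_size;
}

int main(void)
{
    char buf[8];                  /* constructed small buffer to show the edge cases */
    char line[NAME_LEN];

    unsafe_copy("short");         /* fits; the problem is that nothing enforces it */

    printf("safe_copy(\"alice\")    -> %d\n", safe_copy(buf, sizeof buf, "alice"));
    printf("safe_copy(\"12345678\") -> %d (rejected, buf=\"%s\")\n",
           safe_copy(buf, sizeof buf, "12345678"), buf);

    printf("format_user_line(\"bob\") -> %d (%s)\n",
           format_user_line(line, sizeof line, "bob"), line);
    printf("format_user_line(long)  -> %d (truncated to \"%s\")\n",
           format_user_line(line, sizeof line, "averyveryverylongname"), line);
    return 0;
}
```

The point of both helpers is that the caller learns when input was rejected or truncated and can refuse the request, instead of silently overwriting adjacent memory as the strcpy version would.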

Here is a list of some of the main concepts that were covered in this module:

  • C-based Applications Vulnerabilities
  • Web Application Vulnerabilities
  • Security Testing & Vulnerability Management
  • Secure Software Design
  • Attack Vectors


Sources: