Felix Schuckert
Ph.D. started in: 2016
Expected year of graduation: 2020
COINS consortium member: Norwegian University of Science and Technology
Supervised by: Hanno Langweg, Basel Katt
Research area: Secure Software
Project title: Opportunities of Insecurity Refactoring for Training and Software Development
Project description: Static code analysis tries to detect all kinds of issues and vulnerabilities. The tools do not detect all security vulnerabilities, and they also produce false positives. Developers need software security skills to review these reports and distinguish false positives from true positives. Training these skills typically requires manually created exercises that teach all kinds of vulnerabilities. This project will research insecurity refactoring. Insecurity refactoring is a refactoring method in which source code is refactored such that vulnerabilities are created, while the normal usage of the program is not changed. The resulting source code can be used for different training sets. It can be used to teach students and software developers explicit vulnerabilities. It will show how such vulnerabilities can occur and how they can be exploited, giving knowledge of their impact. The use of source code analysis tools can be taught as well, by using projects with large code bases. This research will point out what opportunities are enabled by insecurity refactoring. It will mainly focus on the training of software security skills, but it will also include the use as training sets for machine learning and as benchmarks for static code analysis. Insecurity refactoring will improve today’s training methods by providing a wide range of exercises and different applications.
- Felix Schuckert, Basel Katt, Hanno Langweg (2020). Difficult XSS Code Patterns for Static Code Analysis Tools
- Felix Schuckert, Max Hildner, Basel Katt, Hanno Langweg (2018). Source Code Patterns of Buffer Overflow Vulnerabilities in Firefox
- Felix Schuckert, Max Hildner, Basel Katt, Hanno Langweg (2018). Source Code Patterns of Cross Site Scripting in PHP Open Source Projects
- Felix Schuckert, Basel Katt, Hanno Langweg (2017). Source Code Patterns of SQL Injection Vulnerabilities
- IMT6007 COINS IT Security Exercise (NTNU), 5 ECTS, 2018
- IMT6002 COINS Winter School (NTNU), 3 ECTS, 2017
- IMT6004 COINS Workshop (NTNU), 1 ECTS, 2016
- COINS PhD student seminar 2020, Zoom, 2020
- COINS Finse winter school, Finse, Norway, 2017
- COINS/SWITS Ph.D. student seminar, Oslo, Norway, 2017
- COINS summer school, Metochi, Greece, 2017
- COINS Ph.D. student seminar, Bergen, Norway, 2016
- NISK, Bergen, Norway, 2016