Classic Vulnerabilities

This month we have the great pleasure to welcome Patricia Aas to our user group. Patricia is the co-founder of TurtleSec, where she works in the intersection of programming and security. She has programmed in C++ for 17 years working on everything from embedded to browsers. These days she is also teaching C++, in addition to teaching folks to break C++ applications and coding for clients.

***
Abstract:
We keep on thinking we are living in the future, but native exploitation has a rich history, and many times the vulnerabilities and exploitation techniques are decades old. We'll look at some of these, how they have surfaced in recent years and how prepared we are today, armed with modern tooling, to find and fix "classic" vulnerabilities.

***
Lightning Talk: Teaching Software Engineering As Programming Over Time
Speaker: Markus Hofbauer

Abstract:
Programming and software engineering differ by the aspect of time and scale. Going beyond just implementing software that fulfills requirements, software engineering also means writing code that can be maintained by multiple contributors over months, years or even decades. Due to the limited time of university projects, students mainly learn to focus on writing software that works once. In industry, software lifetime is longer and the aspect of time becomes highly relevant. Professional software must be readable and modular to be maintainable. In this talk, we present an experience report on a novel university course in software engineering. The course teaches the concepts of unit testing, refactoring, and automation tools to novices with basic programming experience. We present those concepts for the example of C++, but they are applicable to any programming language. Our goal is to teach students the key concepts of software engineering early on, giving them the opportunity to benefit from these concepts in their further projects. We present these concepts in five plenary lectures with live coding sessions, and then student teams apply the concepts in five practical homework assignments. All assignments contribute to a single project maintained and improved by the student groups for the duration of the course. Additionally, we present a teaching tool framework that can be used to automate tasks for student project management and examinations. Finally, we discuss the lessons learned from conducting this course for the first time. We believe this course is a valuable step towards including essential software engineering skills in the education of science and engineering students.

***
Schedule:
19:00 (CET) -- Begin of the videostream
19:05 (CET) -- Lightning Talk by Markus Hofbauer
~19:20 (CET) -- Main talk by Patricia Aas