Software Engineering Institute | Carnegie Mellon University

Digital Library

Will Dormann
April 2018 - Presentation Keep it Like a Secret: When Android Apps Contain Private Keys

Authors: Will Dormann

This presentation was given by Will Dormann, a member of the CERT technical staff, at the 2018 BSidesSF Conference on April 15 and April 16, 2018 at the City View at Metreon.

June 2016 - Presentation CERT BFF: From Start to PoC

Topics: Vulnerability Analysis

Authors: Will Dormann

This presentation describes the CERT Basic Fuzzing Framework (BFF) from start to PoC.

November 2015 - Webinar Web Traffic Analysis with CERT Tapioca

Topics: Vulnerability Analysis

Authors: Will Dormann

Will Dormann discusses a tool that shows whether a connection to the web is secure and what information is being transmitted.

August 2015 - Presentation How We Discovered Thousands of Vulnerable Android Apps in 1 Day

Topics: Vulnerability Analysis

In this presentation, we will describe our methodology in discovering these vulnerabilities, and recommend mitigation strategies for both developers and users.

May 2014 - Webinar Heartbleed: Analysis, Thoughts, and Actions

Topics: Network Situational Awareness, Secure Coding

Panelists discussed the impact of Heartbleed, methods to mitigate the vulnerability, and ways to prevent crises like this in the future.

April 2012 - Technical Note Source Code Analysis Laboratory (SCALe)

Topics: Secure Coding

In this report, the authors describe the CERT Program's Source Code Analysis Laboratory (SCALe), a conformance test against secure coding standards.

December 2010 - Technical Report Source Code Analysis Laboratory (SCALe) for Energy Delivery Systems

Topics: Secure Coding

In this report, the authors describe the Source Code Analysis Laboratory (SCALe), which tests software for conformance to CERT secure coding standards.

November 2010 - Presentation As-If Infinitely Ranged Integer Model

Topics: Secure Coding

This ISSRE 2010 paper describes the AIR Integer model for eliminating vulnerabilities resulting from integer overflow, truncation, and unanticipated wrapping.

May 2010 - Podcast The Power of Fuzz Testing to Reduce Security Vulnerabilities

In this podcast, Will Dormann urges listeners to subject their software to fuzz testing to help identify and eliminate security vulnerabilities.

April 2010 - Technical Note As-If Infinitely Ranged Integer Model, Second Edition

Topics: Secure Coding

In this report, the authors present the as-if infinitely ranged (AIR) integer model, a mechanism for eliminating integral exceptional conditions.

February 2010 - White Paper Instrumented Fuzz Testing Using AIR Integers (Whitepaper)

Topics: Secure Coding

In this paper, the authors present the as-if infinitely ranged (AIR) integer model, which provides a mechanism for eliminating integral exceptional conditions.

February 2010 - Presentation Instrumented Fuzz Testing Using AIR Integers (Presentation)

Topics: Secure Coding

In this February 2010 presentation, Will Dormann and Robert Seacord describe how to conduct instrumented fuzz testing using as-if infinitely ranged integers.

January 2008 - White Paper Vulnerability Detection in ActiveX Controls through Automated Fuzz Testing

Topics: Vulnerability Analysis

In this 2008 paper, the authors explore the results of testing a large number of ActiveX controls, which provides insight into the current state of ActiveX security.