research-school-2024/writeups/plan.md
2024-12-05 00:48:27 +02:00

  1. Research phase

I will be researching and identifying common vulnerabilities in general programming as well as web development. In the process of research, I will be developing various guidelines for identifying and mitigating the found vulnerabilities, for instance, identifying code sections, indicating potential issues, and suggesting possible remediation techniques.

Following the research phase, I will be using this methodology:

  1. Review my literature. This will include academic papers, industry reports, online reports, independent researchers' findings, as well as various other vulnerability tracking records.
  2. Conduct research among other experienced programmers online, for instance, by posting online and asking people to contribute.
  3. Analyse all collected data and literature, drawing conclusions from the findings.

At the end of this phase, we are expected to have a detailed report outlining common vulnerabilities and corresponding guidelines for mitigation, as well as a checklist which can be utilised by developers during the software development cycle.

  2. Practical implementation

To better understand my area of research, I will be practically exploring various issues based on my research. For instance:

  1. Look into open source code repositories that don't get that much security code review, and try to contribute more secure code to various FL/OSS repositories.
  2. Prepare a presentation about various secure programming practices and present it.
  3. Design coding assignments in which participants must intentionally introduce vulnerabilities into sample projects or fix already insecure code, and then apply the developed guidelines to identify and fix these issues.
    • We're going to do things with uni students rather than school. Teach basic Python Flask.

For this stage I will be utilising various tools and social platforms such as GitHub and social networks.

  3. Application of findings

During this stage, I will be collecting everything I found thus far, and trying to test the success of my project and goals. I will be testing students' ability to recognise security vulnerabilities in code, and seeing how my research may have improved their perception of secure coding practices.

After all of this, I plan to release all my research and findings under an open source license to be freely used and derived from by anyone around the world, as well as release an article summarising all my experience.

  • Present the presentation.