doc: security: Add information about Open Security Training

Add information and links for open source security training.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Flavio Ceolin 2024-03-18 12:55:08 -07:00 committed by Anas Nashif
parent f207cfec54
commit 9c27b21ecb

@ -206,6 +206,13 @@ injection, OS injection, classic buffer overflow, cross-site
scripting, missing authentication, and missing authorization. See the
`CWE/SANS top 25`_ or `OWASP Top 10`_ for commonly used lists.
A free class from the nonprofit OpenSecurityTraining2 for C/C++ developers
is available at `OST2_1001`_. It teaches how to prevent, detect, and
mitigate linear stack/heap buffer overflows, non-linear out of bound writes,
integer overflows, and other integer issues. The follow-on class, `OST2_1002`_,
covers uninitialized data access, race conditions, use-after-free, type confusion,
and information disclosure vulnerabilities.
.. Turn this into something specific. Can we find examples of
mistakes. Perhaps an example of things static analysis tool has sent us.
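Review bot: The references `OST2_1001`_ and `OST2_1002`_ in the added paragraph will render with the bare label as the link text, so a reader sees "OST2_1001" instead of a course name; consider giving each link descriptive text or naming the class in the sentence. In the same paragraph, "non-linear out of bound writes" should be hyphenated as "out-of-bounds writes". The paragraph also sits directly above the comment asking for concrete examples of mistakes; pointing to external classes does not answer that request, so the comment should stay as it does here.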
@ -213,6 +220,10 @@ scripting, missing authentication, and missing authorization. See the
.. _OWASP Top 10: https://owasp.org/www-project-top-ten/
.. _OST2_1001: https://ost2.fyi/Vulns1001
.. _OST2_1002: https://ost2.fyi/Vulns1002
Zephyr Security Subcommittee
============================
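Review bot: The two new targets, OST2_1001 and OST2_1002, point at ost2.fyi short URLs (https://ost2.fyi/Vulns1001 and https://ost2.fyi/Vulns1002), while the neighbouring OWASP target links to the project page directly. If these are redirects, the documentation depends on the redirect staying in place and a reader cannot tell from the URL where it leads. Consider linking to the canonical course pages, or confirm that the short links are the form the training project asks people to cite.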