Who should attend: Developers or development managers interested in learning about the types of security problems that often crop up in applications and systems. This tutorial will assume some knowledge of networking and C programming under UNIX-like operating systems.

Are you writing security critical software? Increasingly, applications are being fielded over public networks, which are not even close to adequately protected against malicious interference. Simply throwing cryptography into your applications is not enough; if it is going to work, security must be designed in. This tutorial provides a technical overview of how applications typically fail in the field, and the basic principles to apply when designing your own security critical application.

Topics covered include:

	Paranoia  The communications security environment  Designing to the appropriate level  How do applications fail?
	Building security  Properties of security  Basics of security design
	Tricks, techniques (and mistakes)  File I/O  Calling processes  Chroot  Setuid
	Tools  Crypto basics  Why crypto is no panacea  Authentication techniques  Hash codes  State preservation techniques  Public key, secret key, and all that  Getting random numbers