183.222 Advanced Internet Security Canceled
This course is in all assigned curricula part of the STEOP.
This course is in at least 1 assigned curriculum part of the STEOP.

2014W, VU, 2.0h, 3.0EC


  • Semester hours: 2.0
  • Credits: 3.0
  • Type: VU Lecture and Exercise

Aim of course

Advanced Internet Security (previously Internet Security 2) serves as a continuation for the class Internet Security.

The idea is to present problems in more detail and allow students to apply their knowledge in practical exercises. The lecture deals with common programming mistakes and ways to detect and avoid them. Examples are used to highlight general error classes, such as stack overflow and format string vulnerabilities.

In order to teach the subject in the most authentic way, the lecture uses an "offensive approach": Security-related topics are viewed from an attacker's perspective and possible attack scenarios are shown. In practical challenges the students need to exploit previously discussed security vulnerabilities inside a controlled challenge-environment. This improves the students' understanding of the handled topics and guarantees that they will not make similar mistakes in own projects and allows them to actively take security measures when handling security relevant projects.

As part of the class, students are able to participate in a hacking contest in which they can prove their knowledge of security and system management by competing with their peers or, as a team, against other Universities spread around the globe.

Subject of course

The mentioned topics are tentative and can be adapted/focused based on student's interest and suggestions.

  • General Unix security: * Security model * System call * Vulnerabilities * Authentication * Shell/Environment attacks Memory Corruption
  • Buffer Overflows * Stack overflow exploitation * Format string exploitation * Heap overflow exploitation * Return-to-libc attacks * Heap-spraying attacks
  • Linux shellcode writing * Windows shellcode * Protection mechanisms
  • Windows Security * Windows security intro & overview * Security principles (Windows 95 to Windows 7) * Spyware * BHO based malware * .NET security model Race conditions * Problem introduction
  • Unix File System race conditions * Other race conditions * Computational complexity attacks * Prevention mechanisms Reverse Engineering
  • Static & dynamic reverse engineering techniques & tools
  • Malicious code analysis * Code obfuscation
  • Web Security * Advanced session attacks * Cross site request forgery (CSRF) * Browser history stealing * Intro & taxonomy * Viruses, worms, trojan horses * Botnets, command&control mechanisms

Additional information

ECTS Schlüssel (3 ECTS = 75 hours):
  • Lectures (18h)
  • Self-studies & Learning for Exams (18h)
  • Challenges (38h)
  • Exam (1h)



Examination modalities

Written. Students have to pass a certain number of practical challenges to be admitted to the written exam. Details of the grading scheme can be found on the lecture homepage.

Course registration

Begin End Deregistration end
03.09.2014 00:00 09.10.2014 13:00 03.10.2014 12:00

Registration modalities

Accounts will be automatically generated according to your TISS registration.


Study CodeObligationSemesterPrecon.Info
066 937 Software Engineering & Internet Computing Mandatory elective


The lecture slides contain all necessary information required to pass the exam. Further, they include links to extended literature and examples (e.g. available online).

Previous knowledge

Since the class will feature a number of programming exercises, students are required to have considerable programming experience. Basic knowledge of security relevant topics is expected (as taught in one of the above security lectures).

Preceding courses