After successful completion of the course, students are able to conduct planning, testing and development of secure software applications. In particular, the necessary theoretical foundations of secure programming will be applied and enhanced by practical examples.
The theoretical part of this course consists of software security testing techniques, binary analysis and hardening, language security, fingerprinting, common attack vectors and security in the development process. The course assignments aim to develop specific skills for designing and testing of secure software like web applications and protocols and exploit development.
Each lecture focuses on theoretical aspects of software security as these are detailed in the syllabus. The assignments consist of homeworks dealing with the detection of security vulnerabilities in communication protocols, binary analysis and developing models for combinatorial security testing when these are meant to emulate attack vector behavior.
Course Textbook: G. McGraw, Software Security: Building Security in, Addison-Wesley, Software Security Series, Addison-Wesley Professional, 2006
Optional Literature: D. E. Simos, R. Kuhn, A. G. Voyiatzis and R. Kacker, Combinatorial Methods in Security Testing. IEEE Computer 49, pp. 80-83, 2016
Practical assignments and two written exams (mid term and final).
Programming experience in C/C++ and/or Python would be desired.