After successful completion of the course, students are able to discover and attack common software security vulnerabilities and to avoid common pitfalls during the development phase. The aim is to provide hands-on experience in the sort of attacks and protections found in the real world. More specifically, students will be given access to a safe environment where to interact with realistic applications containing ad-hoc vulnerabilities. The LVA offers practical exercises and follow-up materials to complement the topics presented during the Introduction to Security (VU) course.

Introduction

• Python and bash scripting
• Tools for binary and web exploit development

System Security

• Buffer/stack overflow
• Circumventing overflow mitigation techniques
• Return-oriented programming (ROP)

Web Security

• Server-side code injection techniques
• Client-side injections and mitigation bypasses
• Cross-site request forgery attacks and countermeasures
• Browser side-channels

Network and Protocol Security

• Cryptographic protocols

In this semester the course is held in distance learning format. Video lectures covering the topics of the course will be published in TUWEL and we will offer Q/A sessions, in which students can ask questions regarding the contents of the lectures. Students are required to complete practical assignments through which they can assimilate the concepts learned during the course. The release schedule of videos and assignments can be found in TUWEL.

ECTS Breakdown

3 ECTS = 75h

• 8h   video tutorials and Q/A sessions
• 67h self-study and projects development

Students are required to solve practical assignments, which are mostly focused on the implementation of the attacks presented during the course. The final grade of the course is based on reports in which students explain how they solved the proposed problems and what are the possible security countermeasures.