192.112 System and Application Security
This course is in all assigned curricula part of the STEOP.
This course is in at least 1 assigned curriculum part of the STEOP.

2024S, VU, 4.0h, 6.0EC


  • Semester hours: 4.0
  • Credits: 6.0
  • Type: VU Lecture and Exercise
  • LectureTube course
  • Format: Hybrid

Learning outcomes

After successful completion of the course, students are able to understand common errors and security vulnerabilities as well as to deploy ways to detect and avoid them. Students are further able to conduct planning, testing and development of secure software applications. They gain a deeper understanding about the root causes of those errors and vulnerabilities by exploiting them themselves in a controlled environment, as well as apply principles of secure programming in practical examples. As a result, students are able to actively avoid these vulnerabilities and implement appropriate security measures in security relevant projects.

Subject of course

The lecture deals with common errors and vulnerabilities across OS and application layers as well as ways to detect and avoid them. Examples are used to highlight the general error classes and how they can be abused. Furthermore, software security testing techniques and binary analysis techniques are presented to detect vulnerabilities in applications and protocols and secure the development process.

In order to teach the subject in the most authentic way, the lecture uses a mostly "offensive approach": Security-related topics are viewed from an attacker's perspective and possible attack scenarios are shown. In practical challenges the students need to exploit previously discussed security vulnerabilities inside a controlled challenge-environment. This improves the students' understanding of the handled topics and helps them to prevent similar mistakes in own projects and allows them to actively take security measures when handling security relevant projects.

Please note that this course substitutes the two previous courses Advanced Internet Security as well as Software Security. In case you already finished both of these courses, you can not use Systems- and Application-Security for your degree.


Teaching methods

  • Lectures with slides and live demonstrations
  • Live online discussions of course topics
  • Accompanying challenges as homework assignments

Mode of examination


Additional information

ECTS Breakdown (6 ECTS = 150 hours)

Lectures (20h)
Online Discussions, Self-studies (38h)
Challenges (90h)
Exam (2h)



Course dates

Wed13:00 - 15:0006.03.2024 - 26.06.2024EI 2 Pichelmayer HS - ETIT Lecture
System and Application Security - Single appointments
Wed06.03.202413:00 - 15:00EI 2 Pichelmayer HS - ETIT Introductory Lecture + Schedule
Wed13.03.202413:00 - 15:00EI 2 Pichelmayer HS - ETIT Lecture
Wed20.03.202413:00 - 15:00EI 2 Pichelmayer HS - ETIT Lecture
Wed10.04.202413:00 - 15:00EI 2 Pichelmayer HS - ETIT Lecture
Wed17.04.202413:00 - 15:00EI 2 Pichelmayer HS - ETIT Lecture
Wed24.04.202413:00 - 15:00EI 2 Pichelmayer HS - ETIT Lecture
Wed08.05.202413:00 - 15:00EI 2 Pichelmayer HS - ETIT Lecture
Wed15.05.202413:00 - 15:00EI 2 Pichelmayer HS - ETIT Lecture
Wed22.05.202413:00 - 15:00EI 2 Pichelmayer HS - ETIT Lecture
Wed29.05.202413:00 - 15:00EI 2 Pichelmayer HS - ETIT Lecture
Wed05.06.202413:00 - 15:00EI 2 Pichelmayer HS - ETIT Lecture
Wed12.06.202413:00 - 15:00EI 2 Pichelmayer HS - ETIT Lecture
Wed19.06.202413:00 - 15:00EI 2 Pichelmayer HS - ETIT Lecture
Wed26.06.202413:00 - 15:00EI 2 Pichelmayer HS - ETIT Lecture

Examination modalities

Written exam and practical exercises (challenges).


Course registration

Begin End Deregistration end
20.02.2024 00:00 31.03.2024 23:59 31.03.2024 23:59


Study CodeObligationSemesterPrecon.Info
066 645 Data Science Mandatory elective
066 926 Business Informatics Mandatory elective
066 937 Software Engineering & Internet Computing Mandatory elective


No lecture notes are available.

Previous knowledge

Programming experience in C/C++ and/or Python would be helpful. 


Preceding courses