After successful completion of the course, students are able to understand common errors and security vulnerabilities and to apply ways to detect and avoid them. They gain a deeper understanding of the root causes of those errors and vulnerabilities by exploiting them themselves in a controlled environment. As a result, students are able to actively avoid these vulnerabilities and implement appropriate security measures in security-relevant projects.
The lecture deals with common errors and vulnerabilities as well as ways to detect and avoid them. Examples are used to highlight the general error classes and how they can be abused.
In order to teach the subject in the most authentic way, the lecture uses an "offensive approach": security-related topics are viewed from an attacker's perspective and possible attack scenarios are shown. In practical challenges, the students need to exploit previously discussed security vulnerabilities inside a controlled challenge environment. This improves the students' understanding of the topics covered, helps them to prevent similar mistakes in their own projects, and allows them to actively take security measures when handling security-relevant projects.
Lectures with slides, live demonstrations and tutorial sessions. Accompanying challenges as homework assignments.
The lecture is held in English. The most up-to-date information about the lecture (e.g., lecture times, registration) is on the course home page.
ECTS Breakdown (3 ECTS = 75 hours):
The lecture consists of
- a practice part, consisting of 7 "Challenges", and
- an examination at the end of the semester.
The final mark is made up of 84% from the exercise and 16% from the examination.
TISS registrations will be imported to the Challenge environment automatically. Please double-check your registered email account. It will be used for correspondence once the Challenges have started.