192.082 Introduction to Security
This course is in all assigned curricula part of the STEOP.
This course is in at least 1 assigned curriculum part of the STEOP.

2023S, UE, 2.0h, 3.0EC

TUWEL course

Properties

Semester hours: 2.0
Credits: 3.0
Type: UE Exercise
Format: Presence

Learning outcomes

After successful completion of the course, students are able to identify common software security vulnerabilities and avoid typical pitfalls in the development phase. The aim is to provide hands-on experience in the sort of attacks and protections found in the real world. More specifically, students will access a safe environment to interact with realistic applications containing ad-hoc vulnerabilities. The LVA offers practical exercises and follow-up materials to complement the topics presented during the Introduction to Security (VU) course.

Subject of course

Introduction

Python and bash scripting
Tools for binary and web exploit development

System Security

Buffer/stack overflow
Circumventing overflow mitigation techniques
Return-oriented programming (ROP)

Web Security

Server-side vulnerabilities
Client-side vulnerabilities
Client-side mitigations and bypasses
Browser side-channels

Verification

Modelling and verifying real-world web protocols

Teaching methods

In this semester the course is held predominantly on-site. Students are required to complete practical assignments through which they can assimilate the concepts learned during the course. The release schedule of the assignments can be found on TUWEL.

Mode of examination

Immanent

Additional information

ECTS Breakdown

3 ECTS = 75h

8h lectures
67h self-study and projects development

Lecturers

Contributors

Veronese, Lorenzo

Institute

E192 Institute of Logic and Computation

Course dates

Day	Time	Date	Location	Description
Mon	11:00 - 12:00	06.03.2023	EI 7 Hörsaal - ETIT	Presentation of the course
Mon	11:00 - 12:00	13.03.2023	EI 7 Hörsaal - ETIT	Presentation of the lab environment
Mon	11:00 - 13:00	27.03.2023	EI 7 Hörsaal - ETIT	Tutorial - Binary Analysis
Tue	11:00 - 13:00	02.05.2023	EI 7 Hörsaal - ETIT	Tutorial - Web Security
Mon	13:00 - 15:00	12.06.2023	EI 7 Hörsaal - ETIT	Tutorial - Formal analysis

Examination modalities

Students are required to solve practical assignments, which are mostly focused on the implementation of the attacks presented during the course. The final grade of the course is based on reports in which students explain how they solved the proposed problems and what are the possible security countermeasures.

Course registration

Begin	End	Deregistration end
13.02.2023 00:01	19.03.2023 23:59	19.03.2023 23:59

Curricula

Study Code	Obligation	Precon.
033 526 Business Informatics	Mandatory elective	Course requires the completion of the introductory and orientation phase
033 532 Media Informatics and Visual Computing	Not specified	Course requires the completion of the introductory and orientation phase
033 533 Medical Informatics	Not specified	Course requires the completion of the introductory and orientation phase
033 534 Software & Information Engineering	Not specified	Course requires the completion of the introductory and orientation phase
066 515 Automation and Robotic Systems	Mandatory elective
880 FW Elective Courses - Computer Science	Elective	Course requires the completion of the introductory and orientation phase

Literature

No lecture notes are available.

Accompanying courses

184.783 VU Introduction to Security

Continuative courses

Miscellaneous

Attendance Required!

Language

English