Secure Software Design - Academic year 2017/2018
Course information
Lecturer: Mario Alviano
Office hours: consult my homepage
Assistant: Davide Fuscà
Notice board
13/01/2018 13:30: Students who have attended at least 70% of the course: download
21/09/2017 11:45: The course will start on the 4th of October 2017.
Schedule
Lecture Hall: MT15
Lectures
- 04/10/2017 11:30-13:30 - Introduction
- 05/10/2017 15:00-17:00 - Low level attacks - Assembly Language (part 1)
- 11/10/2017 11:30-13:30 - Low level attacks - Assembly Language (part 2)
- 12/10/2017 15:00-17:00 - Low level attacks - Assembly exercises
- 18/10/2017 11:30-13:30 - Low level attacks - Embedded Security exercises (part 1)
- 19/10/2017 15:00-17:00 - Low level attacks - Disassembler and debugger
- 25/10/2017 11:30-13:30 - Low level attacks - Shellcode (part 1)
- 26/10/2017 15:00-17:00 - Low level attacks - Shellcode (part 2)
- 01/11/2017 11:30-13:30 - NO LECTURE
- 02/11/2017 15:00-17:00 - Protostar - Stack (part 1)
- 08/11/2017 11:30-13:30 - Protostar - Stack (part 2)
- 09/11/2017 15:00-17:00 - Low level attacks - Format string vulnerabilities (part 1)
- 15/11/2017 11:30-13:30 - NO LECTURE
- 16/11/2017 15:00-17:00 - NO LECTURE
- 22/11/2017 11:30-13:30 - Low level attacks - Format string vulnerabilities (part 2)
- 23/11/2017 15:00-17:00 - Protostar - Format string vulnerabilities (part 1)
- 25/11/2017 08:30-13:30 - Exam simulation
- 29/11/2017 11:30-13:30 - Protostar - Format string vulnerabilities (part 2)
- 30/11/2017 15:00-17:00 - Low level attacks - Embedded Security exercises (part 2)
- 06/12/2017 11:30-13:30 - Java - IDS, OBJ
- 07/12/2017 15:00-17:00 - Java - EXP, NUM, MET, ERR
- 13/12/2017 11:30-13:30 - Web Goat - Insecure Communication, Authentication Flaws, Code Quality
- 14/12/2017 15:00-17:00 - Web Goat - Injection Flaws
- 20/12/2017 11:30-13:30 - Web Goat - Ajax Security, Cross-Site Scripting
- 21/12/2017 15:00-17:00 - Web Goat - Parameter Tampering, Session Management Flaws
- 10/01/2018 11:30-13:30 - Nebula - Privilege escalation (part 1)
- 11/01/2018 15:00-17:00 - Nebula - Privilege escalation (part 2)
- 13/01/2018 08:30-13:30 - Summary exercises (lab 31/b)
Course material
Slides
Introduction: presentation, handout
Low level attacks - Assembly (part 1): presentation, handout, examples
Low level attacks - Assembly (part 2): presentation, handout, examples
Low level attacks - Disassembler and debugger: presentation, handout, examples
Low level attacks - Shellcode: presentation, handout, examples
Low level attacks - Final remarks: presentation, handout, examples
Low level attacks - Format string vulnerabilities (part 1): presentation, handout, examples
Low level attacks - Format string vulnerabilities (part 2): presentation, handout, examples
Java - Input Validation and Data Sanitization (IDS), Object Orientation (OBJ): presentation, handout
Java - Expressions (EXP), Numeric Types and Operations (NUM), Methods (MET), Exceptional Behavior (ERR): presentation, handout
Exercises to Solve at Home
Have a look at the end of the slides; some of the solutions written in class can be found here
- Nebula
- Protostar
- Embedded security
SQL Injection on OWASP Mutillidae II up to Client-side Security
- OWASP 2013 | A1 Injection (SQL) | SQLi – Extract Data | User Info (SQL)
- OWASP 2013 | A1 Injection (SQL) | SQLi – Bypass Authentication | Login
- OWASP 2013 | A1 Injection (SQL) | SQLi – Insert Injection | Add to your blog
- OWASP 2013 | A1 Injection (SQL) | SQLi – Insert Injection | Register
HTML Injection & XSS on OWASP Mutillidae II up to Client-side Security
- OWASP 2013 | A1 Injection (SQL) | SQLi – Insert Injection | View Captured Data
- OWASP 2013 | A1 Injection (SQL) | SQLi – Insert Injection | Add to your blog
- OWASP 2013 | A1 Injection (SQL) | SQLi – Insert Injection | Register
App-Script challenges from root-me.org: the goal is to read the content of file .passwd
Bash - cron: the crontab of app-script-ch4-cracked runs a script that in turn runs everything in the cron.d directory.
sudo - weak configuration: use sudo -l to list the allowed (and forbidden) commands; the password is in ch1cracked/.passwd
App-System challenges from root-me.org: the goal is to read the content of file .passwd
Programs
Books
- Gray Hat Hacking: The Ethical Hacker's Handbook, Daniel Regalado, Shon Harris, Allen Harper, Chris Eagle, Jonathan Ness, Branko Spasojevic, Ryan Linn, Stephen Sims
- The CERT Oracle Secure Coding Standard for Java, Fred Long, Dhruv Mohindra, Robert C. Seacord, Dean F. Sutherland, David Svoboda
- Elementary Information Security, Richard E. Smith
- System Forensics, Investigation and Response, Chuck Easttom
Web Pages
Exams
- 07/02/2018 9:00 - Lab 31/b
- 28/02/2018 9:00 - Lab 31/b
- 05/05/2018 9:00 - Lab 31/b
- 04/07/2018 9:00 - Lab 31/b
- 25/07/2018 9:00 - Lab 31/b
- 19/09/2018 9:00 - Lab 31/b