Secure Software Design - Academic year 2017/2018

Course information

Lecturer: Mario Alviano

Office hours: consult my homepage

Assistant: Davide Fuscà

Notice board

• 13/01/2018 13:30: Students who have attended at least 70% of the course: download

• 21/09/2017 11:45: The course will start on the 4th of October 2017.

Schedule

Lecture Hall: MT15

Lectures

• 04/10/2017 11:30-13:30 - Introduction
• 05/10/2017 15:00-17:00 - Low level attacks - Assembly Language (part 1)
• 11/10/2017 11:30-13:30 - Low level attacks - Assembly Language (part 2)
• 12/10/2017 15:00-17:00 - Low level attacks - Assembly exercises
• 18/10/2017 11:30-13:30 - Low level attacks - Embedded Security exercises (part 1)
• 19/10/2017 15:00-17:00 - Low level attacks - Disassembler and debugger
• 25/10/2017 11:30-13:30 - Low level attacks - Shellcode (part 1)
• 26/10/2017 15:00-17:00 - Low level attacks - Shellcode (part 2)
• 01/11/2017 11:30-13:30 - NO LECTURE
• 02/11/2017 15:00-17:00 - Protostar - Stack (part 1)
• 08/11/2017 11:30-13:30 - Protostar - Stack (part 2)
• 09/11/2017 15:00-17:00 - Low level attacks - Format string vulnerabilities (part 1)
• 15/11/2017 11:30-13:30 - NO LECTURE
• 16/11/2017 15:00-17:00 - NO LECTURE
• 22/11/2017 11:30-13:30 - Low level attacks - Format string vulnerabilities (part 2)
• 23/11/2017 15:00-17:00 - Protostar - Format string vulnerabilities (part 1)
• 25/11/2017 08:30-13:30 - Exam simulation
• 29/11/2017 11:30-13:30 - Protostar - Format string vulnerabilities (part 2)
• 30/11/2017 15:00-17:00 - Low level attacks - Embedded Security exercises (part 2)
• 06/12/2017 11:30-13:30 - Java - IDS, OBJ
• 07/12/2017 15:00-17:00 - Java - EXP, NUM, MET, ERR
• 13/12/2017 11:30-13:30 - Web Goat - Insecure Communication, Authentication Flaws, Code Quality
• 14/12/2017 15:00-17:00 - Web Goat - Injection Flaws
• 20/12/2017 11:30-13:30 - Web Goat - Ajax Security, Cross-Site Scripting
• 21/12/2017 15:00-17:00 - Web Goat - Parameter Tampering, Session Management Flaws
• 10/01/2018 11:30-13:30 - Nebula - Privilege escalation (part 1)
• 11/01/2018 15:00-17:00 - Nebula - Privilege escalation (part 2)
• 13/01/2018 08:30-13:30 - Summary exercises (lab 31/b)

Course material

Slides

1. Introduction: presentation, handout

2. Low level attacks - Assembly (part 1): presentation, handout, examples

3. Low level attacks - Assembly (part 2): presentation, handout, examples

4. Low level attacks - Disassembler and debugger: presentation, handout, examples

5. Low level attacks - Shellcode: presentation, handout, examples

6. Low level attacks - Final remarks: presentation, handout, examples

7. Low level attacks - Format string vulnerabilities (part 1): presentation, handout, examples

8. Low level attacks - Format string vulnerabilities (part 2): presentation, handout, examples

9. Java - Input Validation and Data Sanitization (IDS), Object Orientation (OBJ): presentation, handout

10. Java - Expressions (EXP), Numeric Types and Operations (NUM), Methods (MET), Exceptional Behavior (ERR): presentation, handout

Exercises to Solve at Home

• Have a look at the end of the slides; some solutions written in the class can be found here

• Nebula

  • website

  • Write-ups of suggested exercises

• Protostar

  • website

  • Write-ups of stack exercises

  • Write-ups of format string exercises

• Embedded security

  • website

  • Write-ups of suggested exercises

• SQL Injection on OWASP Mutillidae II up to Client-side Security

  1. OWASP 2013 | A1 Injection (SQL) | SQLi – Extract Data | User Info (SQL)
  2. OWASP 2013 | A1 Injection (SQL) | SQLi – Bypass Authentication | Login
  3. OWASP 2013 | A1 Injection (SQL) | SQLi – Insert Injection | Add to your blog
  4. OWASP 2013 | A1 Injection (SQL) | SQLi – Insert Injection | Register

• HTML Injection & XSS on OWASP Mutillidae II up to Client-side Security

  1. OWASP 2013 | A1 Injection (SQL) | SQLi – Insert Injection | View Captured Data
  2. OWASP 2013 | A1 Injection (SQL) | SQLi – Insert Injection | Add to your blog
  3. OWASP 2013 | A1 Injection (SQL) | SQLi – Insert Injection | Register

• App-Script challenges from root-me.org: the goal is to read the content of file .passwd

  1. ELF32 - System 1

  2. ELF32 - System 2

  3. Bash - cron: the crontab of app-script-ch4-cracked runs a script that in turn runs everything in cron.d directory.

  4. Perl - Command injection

  5. sudo - weak configuration: use sudo -l to list the allowed (and forbidden) commands; the password is in ch1cracked/.passwd

• App-System challenges from root-me.org: the goal is to read the content of file .passwd

  1. ELF32 - Stack buffer overflow basic 1

  2. ELF32 - Stack buffer overflow basic 2

  3. ELF32 - Stack buffer overflow basic 3

  4. ELF32 - Stack buffer overflow basic 6

  5. ELF32 - BSS buffer overflow

  6. ELF32 - Race condition

  7. ELF32 - Format string bug basic 1

  8. ELF32 - Format string bug basic 2

  9. ELF32 - Format string bug basic 3

  10. ELF32 - Stack buffer overflow basic 4

  11. ELF32 - Stack buffer overflow basic 5

  12. ELF32 - Stack buffer and integer overflow

Programs

• ---

Books

• Gray Hat Hacking: The Ethical Hacker's Handbook, Daniel Regalado, Shon Harris, Allen Harper, Chris Eagle, Jonathan Ness, Branko Spasojevic, Ryan Linn, Stephen Sims

  web page of the book

• The CERT Oracle Secure Coding Standard for Java, Fred Long, Dhruv Mohindra, Robert C. Seacord, Dean F. Sutherland, David Svoboda

  web page of the book

• Elementary Information Security, Richard E. Smith

  web page of the book

• System Forensics, Investigation and Response, Chuck Easttom

  web page of the book

Web Pages

• SEI CERT Oracle Coding Standard for Java

• SEI CERT C++ Coding Standard

• OWASP

• WebGoat Project

• ZAP

• exploit-exercises.com

• XSS exercises

• Assembly Programming Tutorial

• x86 Assembly Guide

• Online disassembler

• Embedded security exercises

• OverTheWire Wargames (suggested wargame: narnia)

Exams

• 07/02/2018 9:00 - Lab 31/b
• 28/02/2018 9:00 - Lab 31/b
• 05/05/2018 9:00 - Lab 31/b
• 04/07/2018 9:00 - Lab 31/b
• 25/07/2018 9:00 - Lab 31/b
• 19/09/2018 9:00 - Lab 31/b

Previous editions

• Academic year 2016/2017