Secure Software Design - Academic year 2019/2020

Course information

Lecturer: Mario Alviano

Office hours: consult my homepage

Notice board

27/05/2020 11:00: Exams and next edition on Microsoft Teams: follow this link

20/12/2019 11:20: Students who have attended at least 70% of the course: download

18/12/2019 10:50: First exam will be at 14:00

29/10/2019 09:15: No lecture on 30/10/2019: notice

Schedule

Lecture Hall: MT15

Lectures

• 02/10/2019 10:30-13:30 - Introduction
• 03/10/2019 08:30-10:30 - Low level attacks - Assembly Language (part 1)
• 09/10/2019 10:30-13:30 - Low level attacks - Assembly Language (part 2)
• 10/10/2019 08:30-10:30 - Low level attacks - Embedded Security exercises (part 1)
• 16/10/2019 10:30-13:30 - Low level attacks - Disassembler and debugger
• 17/10/2019 08:30-10:30 - Low level attacks - Shellcode (part 1)
• 23/10/2019 10:30-13:30 - Low level attacks - Shellcode (part 2)
• 24/10/2019 08:30-10:30 - Protostar - Stack
• 30/10/2019 10:30-13:30 - NO LECTURE
• 31/10/2019 08:30-10:30 - Low level attacks - Format string vulnerabilities and Protostar (part 1)
• 06/11/2019 10:30-13:30 - Low level attacks - Format string vulnerabilities and Protostar (part 2)
• 07/11/2019 08:30-10:30 - Low level attacks - Embedded Security exercises (part 2)
• 13/11/2019 10:30-13:30 - Nebula - Privilege escalation
• 14/11/2019 08:30-10:30 - Narnia - Low level attacks
• 16/11/2019 13:30-18:30 - Exam simulation
• 20/11/2019 10:30-13:30 - NO LECTURE
• 21/11/2019 08:30-10:30 - NO LECTURE
• 27/11/2019 10:30-13:30 - OWASP Top 10
• 28/11/2019 08:30-10:30 - Web Goat - Introduction, HTTP Basics and HTTP Proxies
• 04/12/2019 10:30-13:30 - Web Goat - Injection
• 05/12/2019 08:30-10:30 - Web Goat - Client Side
• 11/12/2019 10:30-14:30 - Web Goat - Broken Authentication, Cross-Site Scripting, Broken Access Control, Sensitive Data Exposure
• 14/12/2019 13:30-18:30 - Exam simulation

Course material

Slides

1. Introduction: presentation, handout

2. Low level attacks - Assembly (part 1): presentation, handout, examples

3. Low level attacks - Assembly (part 2): presentation, handout, examples

4. Low level attacks - Disassembler and debugger: presentation, handout, examples

5. Low level attacks - Shellcode: presentation, handout, examples

6. Low level attacks - Final remarks: presentation, handout, examples

7. Low level attacks - Format string vulnerabilities (part 1): presentation, handout, examples

8. Low level attacks - Format string vulnerabilities (part 2): presentation, handout, examples

9. OWASP Top 10: presentation

Exercises to Solve at Home

• Have a look at the end of the slides; some solutions written in the class can be found here

• Nebula

  • website

  • webarchive copy

  • iso image

  • Write-ups of suggested exercises

• Protostar

  • website

  • webarchive copy

  • iso image

  • Binaries of stack exercises

  • Write-ups of stack exercises

  • Binaries of format string exercises

  • Write-ups of format string exercises

• Narnia (Over The Wire)

  • website

  • Write-ups

• Embedded security

  • website

  • Write-ups of suggested exercises

• Web Goat

  • WebGoat and WebWolf

  • Write-ups of suggested exercises

• SQL Injection on OWASP Mutillidae II up to Client-side Security

  1. OWASP 2013 | A1 Injection (SQL) | SQLi – Extract Data | User Info (SQL)
  2. OWASP 2013 | A1 Injection (SQL) | SQLi – Bypass Authentication | Login
  3. OWASP 2013 | A1 Injection (SQL) | SQLi – Insert Injection | Add to your blog
  4. OWASP 2013 | A1 Injection (SQL) | SQLi – Insert Injection | Register

• HTML Injection & XSS on OWASP Mutillidae II up to Client-side Security

  1. OWASP 2013 | A1 Injection (SQL) | SQLi – Insert Injection | View Captured Data
  2. OWASP 2013 | A1 Injection (SQL) | SQLi – Insert Injection | Add to your blog
  3. OWASP 2013 | A1 Injection (SQL) | SQLi – Insert Injection | Register

• App-Script challenges from root-me.org: the goal is to read the content of file .passwd

  1. ELF32 - System 1

  2. ELF32 - System 2

  3. Bash - cron: the crontab of app-script-ch4-cracked runs a script that in turn runs everything in cron.d directory.

  4. Perl - Command injection

  5. sudo - weak configuration: use sudo -l to list the allowed (and forbidden) commands; the password is in ch1cracked/.passwd

• App-System challenges from root-me.org: the goal is to read the content of file .passwd

  1. ELF32 - Stack buffer overflow basic 1

  2. ELF32 - Stack buffer overflow basic 2

  3. ELF32 - Stack buffer overflow basic 3

  4. ELF32 - Stack buffer overflow basic 6

  5. ELF32 - BSS buffer overflow

  6. ELF32 - Race condition

  7. ELF32 - Format string bug basic 1

  8. ELF32 - Format string bug basic 2

  9. ELF32 - Format string bug basic 3

  10. ELF32 - Stack buffer overflow basic 4

  11. ELF32 - Stack buffer overflow basic 5

  12. ELF32 - Stack buffer and integer overflow

Virtual Machine

• Material for ASI Workshop on Cyber Security: Virtual Machine (2 GB), slides

Books

• Gray Hat Hacking: The Ethical Hacker's Handbook, Daniel Regalado, Shon Harris, Allen Harper, Chris Eagle, Jonathan Ness, Branko Spasojevic, Ryan Linn, Stephen Sims

  web page of the book

• The CERT Oracle Secure Coding Standard for Java, Fred Long, Dhruv Mohindra, Robert C. Seacord, Dean F. Sutherland, David Svoboda

  web page of the book

• Elementary Information Security, Richard E. Smith

  web page of the book

• System Forensics, Investigation and Response, Chuck Easttom

  web page of the book

Web Pages

• SEI CERT Oracle Coding Standard for Java

• SEI CERT C++ Coding Standard

• OWASP

• WebGoat Project

• ZAP

• Exploit Exercises (webarchive copy)

• XSS exercises

• Assembly Programming Tutorial

• x86 Assembly Guide

• Online disassembler

• Embedded security exercises

• OverTheWire Wargames (suggested wargame: natas, leviathan)

Exams

• 30/01/2020 14:00 - Lab 31/b
• 14/02/2020 09:00 - Lab 31/b

• 08/07/2020 09:00 - Teams - exam format

• 30/07/2020 09:00 - Teams - exam format

• 05/09/2020 09:00 - Teams - exam format

• 18/09/2020 09:00 - Teams - exam format

Previous editions

• Academic year 2018/2019

• Academic year 2017/2018

• Academic year 2016/2017