Secure Software Design - Academic year 2020/2021
Course information
Lecturer: Mario Alviano
Office hours: consult my homepage
Notice board
Schedule
Lecture Hall: MT10
Lectures
- 01/10/2020 14:30-16:30 - Introduction + Why design matters for security (part 1)
- 02/10/2020 11:30-14:30 - Why design matters for security (part 2)
- 08/10/2020 14:30-16:30 - Deep modeling
- 09/10/2020 11:30-14:30 - Core concepts of Domain-Driven Design
- 15/10/2020 14:30-16:30 - Code constructs promoting security
- 16/10/2020 11:30-14:30 - Domain primitives - Part 1
- 22/10/2020 14:30-16:30 - Domain primitives - Part 2
- 23/10/2020 11:30-14:30 - Ensuring integrity of state
- 29/10/2020 14:30-16:30 - Reducing complexity of state
- 30/10/2020 11:30-14:30 - Handling failures securely
- 05/11/2020 14:30-16:30 - OWASP Top 10 - Part 1
- 06/11/2020 11:30-14:30 - OWASP Top 10 - Part 2
- 12/11/2020 14:30-16:30 - OWASP ZAP
- 13/11/2020 11:30-14:30 - Introduction to Test-Driven Design
- 19/11/2020 14:30-16:30 - Django REST Framework - Part 1
- 20/11/2020 11:30-14:30 - Django REST Framework - Part 2
- 26/11/2020 14:30-16:30 - Advanced tests for Python
- 27/11/2020 11:30-14:30 - Student Project
- 03/12/2020 14:30-16:30 - Student Project
- 04/12/2020 11:30-14:30 - Student Project
- 10/12/2020 14:30-16:30 - Student Project
- 11/12/2020 11:30-13:30 - Exam Simulation
- 17/12/2020 14:30-16:30 - Student Project Showcase
Course material
Slides
Introduction: presentation
Why design matters for security: presentation
Deep modeling: presentation
Core concepts of Domain-Driven Design: presentation
Code constructs promoting security: presentation
Domain primitives: presentation, examples
Ensuring integrity of state: presentation, examples
Reducing complexity of state: presentation
Handling failures securely: presentation, exercises
OWASP Top 10: presentation
OWASP ZAP: presentation
Introduction to Test-Driven Design: presentation, examples
Django REST Framework - Part 1: presentation, examples
Django REST Framework - Part 2: presentation, examples
Advanced tests for Python: presentation, examples
Student Projects: presentation
Student Projects - Lessons Learned: presentation
Exercises to Solve at Home
Have a look at the end of the slides; some solutions written in class can be found here
- WebGoat
SQL Injection on OWASP Mutillidae II up to Client-side Security
- OWASP 2013 | A1 Injection (SQL) | SQLi – Extract Data | User Info (SQL)
- OWASP 2013 | A1 Injection (SQL) | SQLi – Bypass Authentication | Login
- OWASP 2013 | A1 Injection (SQL) | SQLi – Insert Injection | Add to your blog
- OWASP 2013 | A1 Injection (SQL) | SQLi – Insert Injection | Register
HTML Injection & XSS on OWASP Mutillidae II up to Client-side Security
- OWASP 2013 | A1 Injection (SQL) | SQLi – Insert Injection | View Captured Data
- OWASP 2013 | A1 Injection (SQL) | SQLi – Insert Injection | Add to your blog
- OWASP 2013 | A1 Injection (SQL) | SQLi – Insert Injection | Register
Books
- Secure by Design - Dan Bergh Johnsson, Daniel Deogun, Daniel Sawano - Manning
Web Pages
Exams
- 02/02/2021 09:00
- 23/02/2021 09:00
- 07/07/2021 09:00
- 28/07/2021 09:00
- 25/09/2021 14:00 - MT6