CY(S)-5770 Software Vulnerabilities and Security (SoftVulnSec)
echo "Software Security" | sed s/\ /\ Vulnerabilities\ and\ /g
For correspondence, send a mail to email@example.com.
Office hours: Fridays, 1pm-2pm on Zoom. See Zoom information.
Bahruz Jabiyev, Dennis Giese
Lab hours: Tuesdays (12-2pm), Wednesdays (2-4pm), Thursdays (4-6pm), Fridays (2-4pm). See Zoom information.
- 11.30.2020 Challenge 8 is online. Good luck!
- 11.23.2020 Challenge 7 is online. Good luck!
- 11.23.2020 Quiz 2 results have been announced on Canvas
- 11.16.2020 Challenge 6 is online. Good luck!
- 11.09.2020 Challenge 5 is online. Good luck!
- 11.09.2020 Midterm results have been announced on Canvas
- 10.26.2020 Quiz 1 results have been announced on Canvas
- 10.19.2020 Challenge 4 is online. Good luck!
- 10.11.2020 Bonus SQL challenge announced on Canvas.
- 10.10.2020 The Challenge 3 deadline was posted wrong. It is the 19th. Please check the specs.
- 10.05.2020 Updated this page with all the office hours and Zoom links.
- 10.05.2020 Challenge 3 is online. Good luck!
- 09.28.2020 Challenge 2 is online. Good luck!
- 09.21.2020 Challenge 1 is online. Good luck!
- 09.17.2020 Posted Piazza information on Canvas.
- 09.16.2020 Account information has been mailed out.
- 09.14.2020 The course has been updated.
- 09.01.2020 The course website will be updated in about a week.
Internet security has become part of everyday life, and security problems now affect practical aspects of our lives. Even though there is a considerable corpus of knowledge about tools and techniques to protect systems, information about what the actual vulnerabilities are and how they are exploited is not generally available. This situation hampers the effectiveness of security research and practice. Understanding the details of attacks is a prerequisite for the design and implementation of secure systems.
This course deals with common programming, configuration, and design mistakes and ways to detect and avoid them. Examples are used to highlight general error classes, such as stack and heap overflows. Possible protection and detection techniques are examined. The course includes a number of practical lab assignments where participants are required to apply their knowledge as well as a discussion of the current research in the field. Students will learn how the security of systems can be violated, and how such attacks can be detected and prevented.
The course aims to make students "security aware" and to give them an in-depth understanding of security issues.
- Operating system security and vulnerabilities
  - (UNIX, Windows, stack and heap overflows)
- Windows Security
- Memory corruption
  - (Buffer overflows, Heap overflows, Format string issues, etc.)
- Reverse engineering and binary analysis
- Malicious code
  - (Viruses, Worms, Botnets, APTs, etc.)
- Language security
- Web security
- Significant programming experience
  - (This course is not for you if you are a beginner)
- Knowledge of C/C++ useful
- Basic SQL knowledge
- Basic web programming knowledge
Dates and Times
Mondays 6-9pm on Zoom
Slides, Material, and Schedule
Use your course credentials to access the material below.
Here are videos of the demos shown in class.
- 12.07.2020 // Final
- 11.30.2020 // Class 10 // Quiz 3 // (slides and recordings have been posted on Canvas)
- 11.23.2020 // Class 9 // (slides and recordings have been posted on Canvas)
- 11.16.2020 // Class 8 // Quiz 2 // (slides and recordings have been posted on Canvas)
- 11.09.2020 // Class 7 // (slides and recordings have been posted on Canvas)
- 11.02.2020 // Midterm
- 10.26.2020 // Class 6 // (slides and recordings have been posted on Canvas)
- 10.19.2020 // Class 5 // Quiz 1 // (slides and recordings have been posted on Canvas)
- 10.05.2020 // Class 4 (slides have been posted on Canvas)
- 09.28.2020 // Class 3 (slides have been posted on Canvas)
- 09.21.2020 // Class 2 (slides have been posted on Canvas)
- 09.14.2020 // Class 1 (slides have been posted on Canvas)
Practical Challenges (Assignments)
Students will "need" to solve a set of practical challenges (assignments) in the lab part of the course. For more information on the challenges and the grading, check this page.
- 10%: 3 Quizzes
- 20%: Midterm exam
- 20%: Final exam
- 10%: Participation
- 40%: 8 practical security challenges
Registration details will be announced via e-mail to the registered participants.