Security

This course introduces basic concepts and techniques for the development of secure systems and networks. The course is formally split into two modules: [CM0475] Security 1 (classes) and [CM0494] Security 2 (lab). This course used to cover cryptography, which is now a separate course.

Security is one of the courses of the Laurea Magistrale (Master's degree) in Computer Science at Ca’ Foscari, Venice. It is a blended course of the Ca’ Foscari e-learning program and combines traditional classroom teaching with on-line classes, tutoring, challenges and a live Capture The Flag (CTF).

News

  • [20 Sep. 2018] The virtual meeting point is Slack. Read below for more information.

Assessment

First part:

  • Written exam giving a base score;
  • Challenges giving a bonus on the base score (more details will be provided soon).

Second part:

  • The base score is the one from the first part;
  • The lab is passed by completing challenges and reaching a minimum score in the live CTF (more details will be given in class);
  • Challenges and CTF will give an extra score on the base score;
  • In the unlikely and unfortunate case that a student does not pass the lab, (s)he will need to pass an individual lab test.

Course material and books

All of the course material will be made available on-line here. The following books might anyway provide a useful reference:

On-line resources

  • The virtual meeting point for the on-line classes is on Slack! You can automatically sign up with either your @stud.unive.it or @unive.it e-mail account.

Table of contents (updated during the semester!)

Part 1

  • Background and tools
    • [21/09/2018] Unix shell
    • [TBA] Exercises on Unix shell
    • [TBA] Introduction to Python
    • [TBA] Challenge – ALIENQUIZ (on-line class)
    • [TBA] Intel assembly
    • [TBA] Program analysis with gdb
  • Program exploitation
    • [TBA] Overflow and stack protection
    • [TBA] Challenge – OVERSHADE (on-line class) [tips]
    • [TBA] Overwriting return address
    • [TBA] Format strings (class postponed to 15.45)
    • [TBA] Secure coding
    • [TBA] Challenge – STARCALC (on-line class)
  • System and network security
    • [TBA] Identification
    • [TBA] Access Control
    • [TBA] Firewalls
    • [TBA] Challenge – OTPIZZA (on-line class)
  • Web security
    • [TBA] Server-side web attacks
    • [TBA] Blind SQL injections
    • [TBA] Secure Coding in PHP
    • [TBA] Challenge – RMB (on-line class)
    • [TBA] Client-side web security
    • [TBA] Cross site scripting (XSS)
    • [TBA] Cross site request forgery (CSRF)
    • [TBA] Challenge – OBXSSESSION (on-line class)

Part 2

  • Program exploitation lab
    • [TBA] Program analysis with IDA (Lab 3)
    • [TBA] Challenge – PWNPELM0 (on-line class)
    • [TBA] First CTF Service – ROBOFS (on-line class)
    • [TBA] First CTF! (on-line hacking competition) Final scoreboard
  • Server-side web security lab
    • [8/3/2018] Selected topics on server-side web security (Lab 3)
    • [TBA] Challenge – LITEUP (on-line class)
    • [TBA] Second CTF Service – MILKYWAY (on-line class)
    • [TBA] Second CTF! (on-line hacking competition)
  • Client-side web security lab
    • [TBA] Advanced client-side web security threats (Lab 3)
    • [TBA] Challenge – SOPOPERA (on-line class)
    • [TBA] Last CTF! (on-line hacking competition)

Links
