This course aims at introducing basic concepts and techniques for the development of secure systems and networks. The course is formally split into two modules: [CM0475] Security 1 (classes) and [CM0494] Security 2 (lab). This course used to cover cryptography, which is now a separate course.
Security is one of the courses of the Laurea Magistrale (Master's degree) in Computer Science at Ca’ Foscari, Venice. It is a blended course of the Ca’ Foscari e-learning program and combines traditional classroom teaching with on-line classes, tutoring, challenges and a live Capture The Flag (CTF).
- [20 Sep. 2018] The virtual meeting point is Slack. Read below for more information.
- [20 Dec. 2018] Exams from the previous year are available here
- Written exam giving a base score;
- Challenges giving a bonus on the base score (more details here).
- The base score is the one of the first part;
- The lab is passed by completing challenges and reaching a minimum score in the live CTF:
- Completing at least 2 challenges (with writeup)
- Scoring better than “idlers” in at least 2 CTFs
- Challenges and CTF will give an extra score on the base score:
- Up to 0.5 for each challenge
- Up to 0.5 for each CTF, depending on the final position: score(position) = (6-position)*0.1
- In the unlikely and unfortunate case that a student does not pass the lab, (s)he will need to pass an individual lab test.
Course material and books
All of the course material will be made available on-line here. The following books may nonetheless serve as useful references:
- William Stallings, Lawrie Brown. Computer Security: Principles and Practice, 4th Edition. Pearson, 2018.
- J. Erickson, Hacking: The Art of Exploitation, No Starch Press, 2008.
- R. J. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, Wiley, 2008.
Table of contents (updated during the semester!)
- Background and tools
- Program exploitation
- [12/10/2018] Buffer overflow (slides)
- [18/10/2018] Stack overflow (slides)
- [19/10/2018] Challenge – OVERSHADE (on-line class) (tips)
- [25/10/2018] Mitigations and Secure coding (slides)
- [26/10/2018] Format strings (slides, recording)
- [08/11/2018] Exercises on stack protection
- [09/11/2018] Challenge – STARCALC (on-line class)
- System and network security
- Web security
- [29/11/2018] Server-side web attacks (slides)
- [30/11/2018] Secure Coding in PHP (slides)
- [06/12/2018] Blind SQL injections (slides)
- [07/12/2018] Challenge – RMB (on-line class)
- [13/12/2018] Client-side web security (slides)
- [14/12/2018] Cross site scripting (XSS) and Cross site request forgery (CSRF) (slides)
- [20/12/2018] Challenge – OBXSSESSION (on-line class)
- Program exploitation lab
- Server-side web security lab
- [11/03/2019] Selected topics on server-side web security (Lab 3)
- [18/03/2019] Challenge – FLAGSHOP (on-line class)
- [25/03/2019] Seminar by the Polizia Postale e delle Comunicazioni (in Italian)
- [01/04/2019] CTF training: defence and network monitoring (slides)
- [08/04/2019] Second CTF! (on-line hacking competition)
- Client-side web security lab