Semester:
|
|
SS 2010 |
|
LVA - Name:
(Course name) |
|
Secure Code |
|
LVA - Nummer:
(Course number) |
|
353.013 |
|
LVA - Typ
(Course type) |
|
KV |
|
Wochenstunden pro Sem.:
(Week-hours per semester) |
|
1 |
|
Vortragende(r):
(Lecturer) |
|
MSc. Dr. Alexandros Paramythis |
|
Max. Teilnehmerzahl:
(Maximum participants) |
|
35 |
|
Anmeldemodus:
(Registration) |
|
Computeranmeldung
Prerequisite knowledge:
Good knowledge of programming will be required. Participants should be familiar
with both Java and C, and have at least working knowledge of
HTML / HTTP and SQL.
|
|
Termine:
(Lecture dates) |
|
Block (The dates and times of lectures will be
decided once the course starts)
|
|
Inhalt der LVA:
(Course contents)
|
|
Course
curriculum:
- Security Goals
Authentication,
Authorization,
Confidentiality,
Data / Message Integrity,
Accountability,
Availability,
Non-Repudiation
- Secure Systems Design
Understanding Threats,
“Designing-In” Security,
Convenience and Security,
Security By Obscurity,
Open vs. Closed Source,
A Game of Economics
- Secure Design Principles
Principle of Least Privilege,
Defense-in-Depth & Diversity-in-Defense,
Secure the Weakest Link,
Fail-Safe Stance,
Secure by Default,
Simplicity & Usability
- Worms and Other Malware
Internet worms and their history, Rootkits, Botnets, Spyware, and more
Malware
- Buffer Overflows
How buffer overflows work, machine hijacking, malicious code injenction,
possible fixes (Safe string libraries, �StackGuard, Static Analysis),
other types of overflows (heap, integer, …)
- Client-State Manipulation
Examples of how manipulation of client state can affect the server in
web applications
- SQL Injection
Command injection vulnerability - untrusted input inserted into query or command, SQL injection examples & solutions
- Password Security
Password systems and vulnerabilities,
Threats: online & offline dictionary attacks,
Solutions: hashing & salting
- Cross-Domain Security
in Web Applications
Cross-Site Scripting (XSS), Cross-site
request forgery (CSRF/XSRF), etc.
Project work:
As part of the course, you will be required to participate in a group
project in which you will gain hands-on experience with the course material.
The project will be assessed and marked, and will contribute towards
the final mark for the course.
|
|
LVA - Modus:
(Teaching notes)
|
|
The lecture will be held in
English!
Die Lehrveranstaltung wird in englischer Sprache abgehalten! |
|
Prüfung:
(Exam) |
|
The
course will have a final exam. Final marks will be derived
proportionally from exam marks and from project marks (see above for details
on the types of projects that will be available for selection) |
|
Literatur:
(Reading material) |
|
Course slides and accompanying materials, will
be made available on the course's web site and will be available to course
participants. |
|
Sonstige Informationen:
(Additional information)
|
|
Further information about the course will be
available on the course's web site. If you need additional details to decide
whether you wish to register for the course, please communicate directly
with the lecturer (see "Further inquiries" below). |
|
Weitere Auskünfte:
(Further inquiries) |
|
Alexandros Paramythis |
