This course introduces basic concepts and techniques for the development of secure systems and networks. The course is formally split into two modules: [CM0475] Security 1 (classes) and [CM0494] Security 2 (lab). This course used to cover cryptography, which is now a separate course.
Security is one of the courses of the Laurea Magistrale (Master's degree) in Computer Science at Ca’ Foscari, Venice. It is a blended course of the Ca’ Foscari e-learning program and combines traditional classroom teaching with on-line classes, tutoring, challenges and a live Capture The Flag (CTF).
- Written exam giving a base score;
- Challenges giving a bonus on the base score (more detail here).
- The base score is that of the first part;
- The lab is passed by completing challenges and reaching a minimum score in the live CTF (more detail will be given in class);
- Challenges and CTF will give an extra score on the base score;
- In the unlikely and unfortunate case that a student does not pass the lab, (s)he will need to pass an individual lab test.
Course material and books
All of the course material will be made available on-line here. The following books may nonetheless provide a useful reference:
- William Stallings, Lawrie Brown. Computer Security: Principles and Practice, 4th Edition. Pearson, 2018.
- J. Erickson. Hacking: The Art of Exploitation. No Starch Press, 2008.
- R. J. Anderson. Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley, 2008.
- The virtual meeting point for the on-line classes is on Slack! You can automatically sign up with either your
Table of contents (updated during the semester!)
- Background and tools
- Program exploitation
- [12/10/2018] Buffer overflow (slides)
- [18/10/2018] Stack overflow (slides)
- [19/10/2018] Challenge – OVERSHADE (on-line class) (tips)
- [25/10/2018] Mitigations and Secure coding (slides)
- [26/10/2018] Format strings (slides, recording)
- [08/11/2018] Exercises on stack protection
- [09/11/2018] Challenge – STARCALC (on-line class)
- System and network security
- Web security
- [29/11/2018] Server-side web attacks (slides)
- [30/11/2018] Secure Coding in PHP (slides)
- [06/12/2018] Blind SQL injections (slides)
- [07/12/2018] Challenge – RMB (on-line class)
- [TBA] Client-side web security
- [TBA] Cross site scripting (XSS)
- [TBA] Cross site request forgery (CSRF)
- [TBA] Challenge – OBXSSESSION (on-line class)
- Program exploitation lab
- Server-side web security lab
- Client-side web security lab