This course introduces basic concepts and techniques for the development of secure systems and networks. The course is formally split into two modules: [CM0475] Security 1 (classes) and [CM0494] Security 2 (lab). Cryptography, which this course used to cover, is now a separate course.
Security is one of the courses of the Laurea Magistrale (Master's degree) in Computer Science at Ca’ Foscari, Venice. It is a blended course of the Ca’ Foscari e-learning program and combines traditional classroom teaching with on-line classes, tutoring, challenges and a live Capture The Flag (CTF).
- [10 Oct. 2017] Seminar by Giancarlo Pellegrino (CISPA, Germany)
- [20 Sep. 2017] The virtual meeting point is Slack. Read below for more information.
- [18 Sep. 2017] This year the course will be reorganised and spread over the two semesters. The first part will cover the concepts and will be taught in class, with six on-line challenges; the second part will mostly be on-line, with a live CTF concentrated in three days. Stay tuned for more information!
- Written exam giving a base score;
- Challenges giving a bonus on the base score: first submitted solution: +1, second and third: +0.5. Students completing all six challenges will get a +1 bonus;
- To access the bonus, solutions to challenges must include a short but clear explanation and the code of the adopted scripts, exhaustively commented.
- The base score is the one obtained in the first part;
- The CTF lab is passed by each team that implements at least one successful attack and scores better than the “idlers” team in two of the three services of the CTF (more details will be given in class);
- The first three teams in the CTF will get a +2, +1, +0.5 bonus on the base score, respectively;
- In the unlikely and unfortunate case that members of a team do not pass the CTF lab, they will need to pass an individual lab exam.
Course material and books
All of the course material will be made available on-line here. The following books may nonetheless provide a useful reference:
- J. Erickson, Hacking: The Art of Exploitation, No Starch Press, 2008.
- R. J. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, Wiley, 2008.
Table of contents (updated during the semester!)
- Background and tools
- Program exploitation
- System and network security
- Web security
  - [22/11/2017] Server-side web attacks
  - [28/11/2017] Blind SQL injections
  - [29/11/2017] Secure Coding in PHP
  - [5/12/2017] Challenge – RMB (on-line class)
  - [6/12/2017] Client-side web security
  - [12/12/2017] Cross site scripting (XSS)
  - [13/12/2017] Cross site request forgery (CSRF)
  - [19/12/2017] Challenge – OBXSSESSION (on-line class)
- Program exploitation lab
- Server-side web security lab