Sicurezza

This page contains the material of the (new) undergraduate course Sicurezza held by Prof. Riccardo Focardi. The course is taught in Italian but this page and all the material are in English.

On-line classes from March 2, 2020

NEW: due to the Coronavirus emergency, all classes from March 2, 2020 until the end of the emergency will be taught online.

Exam and optional assignments (challenges)

The exam consists of a written test that aims at verifying knowledge of the different topics of the course. Assignments are optional and consist of a problem (challenge) to solve, giving an extra score on top of the mark of the written test.

Textbooks

The course is strongly based on on-line material since there exists no textbook covering practical security in a satisfactory way. All slides, links and extra material will be made available on this page. For program exploitation it is possible to refer to the (not so recent) book: J. Erickson, Hacking: The Art of Exploitation, No Starch Press, 2008.

Useful links

Program and on-line material

Classes and labs will take place in labs 3 and 5. The course program will be updated during the semester.

IMPORTANT NOTE: Trying attacks on real systems is against law and you might be prosecuted. Always do experiments with test hosts and users.

Background and tools

Program exploitation

  • [10/03/2020] Buffer overflow (slides, class-first part, ex. solution)
  • [12/03/2020] Stack overflow (slides, class)
  • [17/03/2020] Lab on stack protector (on-line lab)
  • [19/03/2020] Format strings (slides, class)
  • [24/03/2020] Secure coding (slides, class)
  • [25/03/2020] Challenge 2: program exploitation (challenge, on-line at 10:30 on slack)

System and network security

  • Identification
  • Access control
  • Network security

Web security (server)

  • SQL injections
  • Blind SQL injections
  • Prevention of SQL injections

Web security (client)

  • Cross site scripting (XSS)
  • Cross site request forgery (CSRF)
  • Client-side security