Secure Programming I

Homepage
People
Research
Teaching
About
Abstract
Topics
Prerequisites
Location
Dates and Times
Slides
Challenges
Ratings
Standings
Environment
Examination
Registration

Secure Programming I

Lecturers

Engin Kirda

For correspondence, send a mail to secprog@iseclab.org

News

  1. 09.06.2010 Challenge 6 is online. Use your bandit credentials to access it. Good luck!
  2. 26.05.2010 Challenge 5 is online. Use your bandit credentials to access it. Good luck!
  3. 25.05.2010 Challenge 5 will be announced on 26.05.2010, at 16.00.
  4. 12.05.2010 Challenge 4 is online. Use your bandit credentials to access it. Good luck!
  5. 11.05.2010 Challenge 4 will be announced on 12.05.2010, at 15.00.
  6. 28.04.2010 Challenge 3 is online. Use your bandit credentials to access it. Good luck!
  7. 25.04.2010 Challenge 3 will be announced on 28.04.2010, at 15.00.
  8. 19.04.2010 Challenge 2 is online. Use your bandit credentials to access it. Good luck!
  9. 18.04.2010 Challenge 2 will be announced on 19.04.2010, at 15.00.
  10. 25.03.2010 Challenge 1 is online. Use your bandit credentials to access it. Good luck!
  11. 24.03.2010 Challenge 1 will be announced on 25.03.2010, at 15.00.
  12. 19.03.2010 Lectures will start at 09.00 promptly.
  13. 16.03.2010 In order to register for the course, send ek an e-mail.
  14. 12.02.2010 The web site for the 2010 summer semester will be updated by the middle of March.

Abstract

Internet security has become part of everyday life where security problems impact practical aspects of our lives. Even though there is a considerable corpus of knowledge about tools and techniques to protect networks, information about what are the actual vulnerabilities and how they are exploited is not generally available. This situation hampers the effectiveness of security research and practice. Understanding the details of network attacks is a prerequisite for the design and implementation of secure systems.

This course presents the principal protocols and applications that are used in the Internet today, discussing in detail the related vulnerabilities and how they are exploited. For each vulnerability, possible protection and detection techniques are examined. The course includes a number of practical lab assignments where participants are required to apply their knowledge as well as a discussion of the current research in the field. Students will learn how the security of networks can be violated and how such attacks can be detected and prevented.

The course aims to make the students "security aware" and gain a basic understanding about security issues. For students who are interested in advanced security topics and practical assignments, we offer the Secure Programming II class in the winter semester.

Topics

  • TCP/IP security (spoofing, hijacking, sequence number guessing, denial-of-service attacks)
  • Web security (SQL injection, parameter injection, parameter tampering, etc.)
  • Network discovery/vulnerability scanning: techniques and tools (portscans, ping sweeps)
  • Distributed systems security
  • Firewalls and traffic filtering
  • Intrusion Detection Systems
  • Buffer Overflows
  • Operational Practices
  • Architectural Principles and Testing

Prerequisites

  • basic operating system knowledge (Linux/Unix, Windows)
  • interest for technical security issues
  • good programming knowledge (e.g., Java, Web scripting, HTML advantageous)
  • basic database knowledge (SQL)
  • basic network knowledge (TCP/IP)

Dates and Times

Fridays, 09:00-12:00

Lecture dates:

04.06.2010 Lecture 6 / Held
20.05.2010 Lecture 5 / Held
07.05.2010 Lecture 4 / Held
23.04.2010 Lecture 3 / Held
02.04.2010 Lecture 2 / Held
19.03.2010 Lecture 1 / Held

Slides

New slides will be provided here after the lectures.

04.06.2010 Lecture 6 download
20.05.2010 Lecture 5 download
07.05.2010 Lecture 4 download
23.04.2010 Lecture 3 download
02.04.2010 Lecture 2 download
19.03.2010 Lecture 1 download

Practical Challenges (Assignments)

This year, the students will "need" to solve a set of practical challenges (assignments) in the lab part of the course. The practical part of the course aims to prepare the students for more advanced topics and programming done in the Secure Programming II course.

For more information on the challenges and the grading, check this page.

The current challenge is Challenge 6.

Examination

Written exam (English). About 15 questions, 60 minutes time, no course material allowed.

Registration

The lab part of the course will start on the 19th of March. Send a mail to EK to register.
Last Modified: Wed Jun 9 15:00:08 CEST 2010

International Secure Systems Lab www.iseclab.org