Exercise: Software Security

Lecturer: Prof. Dieter Gollmann, Ann-Christine Kycler, M.Sc.

Type: Exercises

- Reliability and Software Security
- Attacks exploiting character and integer representations
- Buffer overruns
- Vulnerabilities in memory management: double free attacks
- Race conditions
- SQL injection
- Cross-site scripting and cross-site request forgery
- Testing for security; taint analysis
- Type safe languages
- Development processes for secure software
- Code-based access control

M. Howard, D. LeBlanc: Writing Secure Code, 2nd edition, Microsoft Press (2002)
G. Hoglund, G. McGraw: Exploiting Software, Addison-Wesley (2004)
L. Gong, G. Ellison, M. Dageforde: Inside Java 2 Platform Security, 2nd edition, Addison-Wesley (2003)
B. LaMacchia, S. Lange, M. Lyons, R. Martin, K. T. Price: .NET Framework Security, Addison-Wesley Professional (2002)
D. Gollmann: Computer Security, 3rd edition (2011)

(H - SBC5 Room H0.01): Mon. 09:45 - 11:15 (2x), (D - SBC4 Room D0.010): Thu. 11:30 - 13:00 (3x)

Mon. 09:45 - 11:15 (weekly) - second run of the weekly exercise, Thu. 11:30 - 13:00 (weekly) - Exercise Software Security

Term: WiSe 19/20

Requirements: Familiarity with C/C++, web programming

Performance Record: Written exam

Stud.IP: Exercise: Software Security