Secure Programming II

Secure Programming II (SecProg 2) @ Institute Eurecom

Lecturers

Engin Kirda (Institute Eurecom and Northeastern University)

For correspondence, send a mail to secprog@iseclab.org

News

  1. 28.01.2011 Challenge 8 is online. User your account credentials. Good luck!
  2. 28.01.2011 Challenge 7 is online. User your account credentials. Good luck!
  3. 07.01.2011 Challenge 6 is online. User your account credentials. Good luck!
  4. 17.12.2010 Challenge 5 is online. User your account credentials. Good luck!
  5. 03.12.2010 Challenge 4 is online. User your account credentials. Good luck!
  6. 19.11.2010 Challenge 3 is online. User your account credentials. Good luck!
  7. 29.10.2010 Challenge 2 is online. User your account credentials. Good luck!
  8. 15.10.2010 Challenge 1 is online. User your account credentials. Good luck!
  9. 15.10.2010 The first challenge will be announced today after the lecture.
  10. 08.10.2010 The page for SecProg 2 will be updated by next week.

Abstract

Secure Programming II (i.e., SecProg 2) serves as a continuation for the class Secure Programming . The idea is to present problems in more detail and allow students to apply their knowledge in practical exercises. Because the class will feature a number of programming exercises, students are required to have considerable programming experience. The lecture deals with common programming mistakes and ways to detect and avoid them. Examples are used to highlight general error classes, such as stack and heap overflows.

Topics

  • Operating system security and vulnerabilities (UNIX, Windows, stack and heap overflows)
  • Windows Security
  • Buffer Overflows (including Heap overflow)
  • Fuzzing
  • Reverse engineering and binary analysis
  • Viruses, worms, malware and malicious code
  • Underground economy
  • Botnets
  • Social Networks

Prerequisites

  • Time! ;-) == You will be programming every week or so!
  • good programming/developing skills (C - x86 assembler advantageous)
  • Secure Programming
  • Experience with Linux and Windows

Assignments

There are a set of "challenges" that the students are required to solve. These challenges are security-related programming assignments (e.g., buffer overflows, application cracking, virus coding, etc.).

The challenges will be announced on a regular basis, most of them following the content of the lectures.

Location, Dates and Times

There are lectures every week. Lectures are held on Fridays in EC05 at 13.30 (prompt).

Slides

Here, you will find the PDF version of all presented slides.

14.01.2011, Lecture 11 slides
07.01.2011, Lecture 10 slides
17.12.2010, Lecture 9 slides
03.12.2010, Lecture 8 slides
04.12.2010, Lecture 7 slides
19.11.2010, Lecture 6 slides
20.11.2010, Lecture 5 slides
29.10.2010, Lecture 4 slides
22.10.2010, Lecture 3 slides
15.10.2010, Lecture 2 slides
08.10.2010, Lecture 1 slides

Examination

There will be an exam at the end of the course, in February.

Registration

The SecProg II registration will start on the 8th of October and will continue until the 26th of October. Details for registration will be announced during the first lecture.
Last Modified: Fri Feb 4 17:05:26 CET 2011


International Secure Systems Lab www.iseclab.org