Integrated course, 3.00 ECTS
Introduction to software security (software engineering practices, secure software development life cycle, knowledge for software security);
Reverse engineering (C environment, Java environment, code obfuscation);
Secure coding (taxonomy of coding errors, encapsulation, data validation, buffer overflow, error handling & logging, security features)
The students know the most important activities in the secure software development life cycle.
Students are able to apply reverse engineering methods for C and Java binaries, as well as code obfuscation techniques.
Students can apply the principles of Secure Coding in practice and identify and eliminate security-relevant weaknesses in the implementation of software systems.
Recommended or required reading and other learning resources / tools
Gary R. McGraw, Software Security: Building Security In, Addison Wesley, 2006;
Laura Bell & Michael Brunton-Spall, Agile Application Security, O'Reilly, 2017;
Jon Erickson, Hacking: The Art of Exploitation, No Starch Press, 2008;
Bruce Dang, Practical Reverse Engineering, Wiley, 2014;
Ginger Myles, Surreptitious Software, Pearson Education, 2009;
Robert C. Seacord, CERT® C Coding Standard, Addison-Wesley, Second Edition 2014;
Fred Long et al., The CERT Oracle Secure Coding Standard for Java, Addison-Wesley, 2011;
Jeffrey E.F. Friedl, Mastering Regular Expressions, O'Reilly, 2006;
David Hook, Beginning Cryptography with Java, 2005;
Joshua Bloch, Effective Java, Addison-Wesley, 2017
Mode of delivery
Inverted classroom model:
Lectures (almost exclusively online);
Examples and model solutions for self-directed learning;
Problem-Based Learning in the lab.
Prerequisites and co-requisites
Basic C and Java knowledge.
Assessment methods and criteria
Practical laboratory tests (40% of the evaluation);
Final exam at the end of the semester (60% of the evaluation)