Exercise: Software Security

Lecturer: Prof. Dieter Gollmann

Type: Exercises


- Reliability and Software Security
- Attacks exploiting character and integer representations
- Buffer overruns
- Vulnerabilities in memory management: double free attacks
- Race conditions
- SQL injection
- Cross-site scripting and cross-site request forgery
- Testing for security; taint analysis
- Type safe languages
- Development processes for secure software

- Code-based access control

M. Howard, D. LeBlanc: Writing Secure Code, 2nd edition, Microsoft Press (2002)
G. Hoglund, G. McGraw: Exploiting Software, Addison-Wesley (2004)
L. Gong, G. Ellison, M. Dageforde: Inside Java 2 Platform Security, 2nd edition, Addison-Wesley (2003)
B. LaMacchia, S. Lange, M. Lyons, R. Martin, K. T. Price: .NET Framework Security, Addison-Wesley Professional (2002)
D. Gollmann: Computer Security, 3rd edition (2011)


Term: WiSe 17/18

Requirements: Familiarity with C/C++, web programming

Performance Record: Written exam

Stud.IP: Exercise: Software Security