• Course code: 63774
  • Credits: 6
  • Semester: summer
  • Contents

Due to the increased use of technology in systems that deal with sensitive data, efficiency and speed are no longer the only conditions when it comes to software development. More and more attention must be paid to security and reliability. In the course, students will be introduced to modern software abuse techniques, as well as to security mechanisms built into the software, with the aim of preventing and limiting the scope of abuse. The contents of the course include the following topics:

  • User inputs and related issues (sanitization, compression attacks)
  • Injecting malicious code into communication with the backend (SQL, comments, timing attacks, data exfiltration, writing files)
  • Casting through types (large numbers, unrepresentable numbers, string size)
  • Attacks through XML/HTML (escaping, stored/cross-site scripting, server-side request forgery)
  • Format attacks (executable regex and format string, format mismatching)
  • Logs (usability, injection, monitoring, drilling commands)
  • Abuse of cryptographic standards (HMAC, signing, CBC/ECB/GCM encoding, proof-of-existence signing)
  • Authentication algorithms (JWT, OpenID, Auth0)
  • Deserialization of objects (dangers, JSON dump, user state)
  • The issue of dependent libraries (library version limitation, supply chain attacks)
  • Race conditions (through threads/processes)
  • Defensive programming (error checking, expecting exceptions, checking undefined function results, sanitizing input data, returning to a stable state)
  • Debugging tools, reproducibility of compiled code, CI/CD
  • Penetration tests
  • Static code analysis, fuzzers, tools for automatic code quality checks

  • Study programmes
  • Distribution of hours per semester: 45 hours lectures, 30 hours laboratory work
  • Professor / Instructor
  • Room: R2.29 - Laboratorij LGM