SYSTEM, SOCIAL AND MOBILE SECURITY

Program

All slides are available in Unistudium.

  • Defensive Programming (14 hours)
    • Stack overflows
    • Heap overflows
    • Shellcode
    • Input validation and data sanitisation
    • Correct handling of exceptions and unexpected behaviours
    • Mitigation
    • Operating system support (e.g., address space randomisation, canaries)
    • Integer errors
    • Concurrency and race conditions
    • Static and dynamic analysis
    • Program Verification
    • Fuzz Testing
    • XSS and SQL injection
    • Smart Contract Security in Solidity


Lectures

  • Thursday 7 March
    • Introduction
    • Flaw/Vulnerability/Exploit/Mitigation, C/C++, strings, unbounded buffer functions
  • Tuesday 12 March
    • Buffer overflow, stack smashing, Arc injection (previous slides)
  • Tuesday 19 March
    • Return-oriented Programming, Pointer subterfuge (previous slides)
  • Wednesday 20 March
    • Integer security
    • Race conditions and Fuzz testing
  • Thursday 21 March
    • XSS and Database Security
  • Wednesday 23 May
    • Heap overflow
    • Ethereum fundamentals
    • Ethereum Smart Contract security


Reference Books

  • Secure Coding in C/C++
    • Title: Secure Coding in C and C++
    • Author: Robert Seacord
    • Series: SEI Series in Software Engineering
    • Paperback: 600 pages
    • Publisher: Addison-Wesley Professional; 2nd edition (April 12, 2013)
    • Language: English
    • ISBN-10: 0321822137
    • ISBN-13: 978-0321822130

  • Mastering Ethereum
    • Title: Mastering Ethereum: Building Smart Contracts and DApps
    • Authors: Andreas M. Antonopoulos, Gavin Wood Ph.D.
    • Paperback: 424 pages
    • Publisher: O'Reilly Media; 1st edition (December 23, 2018)
    • Language: English
    • ISBN-10: 1491971940
    • ISBN-13: 978-1491971949

Francesco Santini