SYSTEM, SOCIAL AND MOBILE SECURITY
Program
All slides in Unistudium
- Defensive Programming (14 hours)
- Stack overflows
- Heap overflows
- Shellcode
- Input validation and data sanitisation
- Correct handling of exceptions and unexpected behaviours
- Mitigation
- Operating system support (e.g., address space randomisation, canaries)
- Integer errors
- Concurrency and race conditions
- Static and dynamic analysis
- Program Verification
- Fuzz Testing
- XSS and SQL injection
- Smart Contract Security in Solidity
Lectures
- Thursday 7 March
  - Introduction
  - Flaw/Vulnerability/Exploit/Mitigation, C/C++, strings, unbounded buffer functions
- Tuesday 12 March
  - Buffer overflow, stack smashing, Arc injection (previous slides)
- Tuesday 19 March
  - Return-oriented Programming, Pointer subterfuge (previous slides)
- Wednesday 20 March
  - Integer security
  - Race conditions and Fuzz testing
- Thursday 21 March
  - XSS and Database Security
- Wednesday 23 May
  - Heap overflow
  - Ethereum fundamentals
  - Ethereum Smart Contract security
Reference Books
- Title: Secure Coding in C and C++
  - Author: Robert Seacord
  - Series: SEI Series in Software Engineering
  - Paperback: 600 pages
  - Publisher: Addison-Wesley Professional; 2 edition (April 12, 2013)
  - Language: English
  - ISBN-10: 0321822137
  - ISBN-13: 978-0321822130
- Title: Mastering Ethereum: Building Smart Contracts and DApps
  - Author: Andreas M. Antonopoulos, Gavin Wood Ph. D.
  - Paperback: 424 pages
  - Publisher: O'Reilly Media; 1 edition (December 23, 2018)
  - Language: English
  - ISBN-10: 1491971940
  - ISBN-13: 978-1491971949