Many security problems in software systems are due to careless use of unsafe programming techniques. Preventing security problems should be an integral part of the software development process. The course studies the nature of security vulnerabilities in software systems, techniques to detect and prevent these problems, and the embedding of these techniques in a security-aware software development process.
I3 Deadline Extension
at Sun, Jan 31, 2016 19:26:44
The deadline for I3 has been extended, new deadline is Sunday February 7.
at Tue, Jan 26, 2016 16:07:55
To start the exam, no additional registration key is required, log into Weblab and go to the exam assignment which is open tomorrow, January 27, from 14:00-17:00.
For questions during the exam, ask through the discussion feature of Weblab or message me on Slack.
The questions are essay questions in Weblab, with a single input area. These input forms do not keep track of history, so you could use a local text editor instead, and copy into the form when ready. The system uses Markdown to render the entered text.
I posted example questions in #announcements in Slack.
If you haven’t used Slack yet for this course, please send me an email and I will invite you.
Assignment D2 Available
at Mon, Dec 7, 2015 20:30:58
Assignment D2 is now available. When you open your submission you will see the peer submission that you should review.
Reading on Web Application Vulnerabilities
at Wed, Dec 2, 2015 19:20:13
The lecture notes for Week 4 provide links to the OWASP pages for Web Parameter Tampering, SQL Injection, Session Hijacking, XSS, and XSS. Please read these notes before next week’s lecture. Danny Groenewegen will then discuss (language-based) counter measures against these vulnerabilities and will assume you understand these issues.
Slides for Lecture 4 on Web Application Security
at Wed, Dec 2, 2015 13:58:24
The slides for Lecture 4 by Sandro Etalle for December 2 on web application security are now available.