Practical Course: Application Security

Overview

Semester: Summer 2020
Course type: Lab
Lecturer: Gunnar Hartung, Jeremias Mechler, Prof. Dr. Jörn Müller-Quade, Jun.-Prof. Dr. Wressnegger
Audience: Computer Science Master & Bachelor
Credits: 4 ECTS
Time: 09:45–11:15
Room: 252, Building 50.34
Language: English and/or German
Link: https://campus.kit.edu/campus/all/event.asp?gguid=0x1C5FF4E0F8F8499AAFBA558DC666C383
Registration: https://ilias.studium.kit.edu/goto.php?target=crs_1086301

Description

In this course you will learn techniques for exploiting software bugs as well as common countermeasures. By solving practical exercises you gather hands-on experience in the following topics:

  • Buffer Overflows
  • Shellcode Injection
  • Return Oriented Programming
  • Format String Attacks
  • Address Space Layout Randomization
  • Stack Canaries

In most cases, you will obtain a "flag" (a short code) for which you are awarded points, which in turn are required to pass the course. Flags need to be submitted here.

Prerequisites

An affinity for low-level work and basic but solid programming skills in a language of your choice (e.g., Python) are necessary to fully enjoy the course. Moreover, basic programming skills in Python are required for a (small) part of the lab. Knowledge of C or x86 assembly language is helpful, but we will cover the very basics during the lab. Furthermore, a certain familiarity with a Linux command-line environment is assumed. You need to have successfully passed the following (bachelor) courses:

  • "Rechnerorganisation", and
  • "Betriebssysteme" (Operating Systems)