Software Security 1

Winter 2025/2026
Team
Time and Place
  • Lecture: Wed 10–12, HZO 70
  • Exercise: Wed 14–16, MC 1/54
Language
English
2+2 SWS
5 ECTS

Course Description and Syllabus

The course covers software security, vulnerability discovery, and vulnerability verification, focusing on:

  • Assembly and Disassembly, Shellcode
  • Binary Reverse Engineering and Debugging
  • Memory and Type Safety/Errors
  • Stack-based Buffer Overflows
  • Heap Attacks
  • Information Leakage
  • Format String Vulnerabilities
  • Code Re-use Attacks
  • Types and Type Safety
  • Race Conditions

Goals

At the end of this course, students will be able to:

  • classify and describe vulnerabilities and protection mechanisms of userspace applications for modern operating systems
  • analyze and reason about protection mechanisms for userspace software
  • identify vulnerabilities in software
  • develop proof-of-concept exploits/verifications to show the existence of a vulnerability in a software system
  • understand how to write code defensively to reduce the risk of vulnerabilities

Prerequisites

The following courses (or equivalent) are required:

  • System Security (211011)
  • Operating Systems (211005)

In exceptional circumstances and on written request only, this requirement may be waived by the responsible lecturer.

Exam

The exam is a combined exam consisting of:

  1. Practical assignments throughout the semester (60%)
  2. A written exam at the end of the semester (40%)

Both parts of the exam need to be passed individually to pass the course.