Software Security 1
Winter 2025/2026
Team
- Prof. Dr. Kevin Borgolte
- Felipe Novais
Time and Place
- Lecture: Wed 10–12, HZO 70
- Exercise: Wed 14–16, MC 1/54
Course Description and Syllabus
The course covers software security, vulnerability discovery, and vulnerability verification, focusing on:
- Assembly and Disassembly, Shellcode
- Binary Reverse Engineering and Debugging
- Memory and Type Safety/Errors
- Stack-based Buffer Overflows
- Heap Attacks
- Information Leakage
- Format String Vulnerabilities
- Code Re-use Attacks
- Types and Type Safety
- Race Conditions
Goals
At the end of this course, students will be able to:
- classify and describe vulnerabilities and protection mechanisms of userspace applications for modern operating systems
- analyze and reason about protection mechanisms for userspace software
- identify vulnerabilities in software
- develop proof-of-concept exploits/verifications to show the existence of a vulnerability in a software system
- understand how to write code defensively to reduce the risk of vulnerabilities
Prerequisites
The following courses (or equivalent) are required:
- System Security (211011)
- Operating Systems (211005)
In exceptional circumstances and on written request only, this requirement may be waived by the responsible lecturer.
Exam
The exam will be a combined exam of:
- Practical assignments throughout the semester (60%)
- A written exam at the end of the semester (40%)
Both parts of the exam need to be passed individually to pass the course.