SECURITY

Academic year
2020/2021
Official course title
SICUREZZA
Course code
CT0539 (AF:320627 AR:172515)
Modality
On campus classes
ECTS credits
6
Degree level
Bachelor's Degree Programme
Educational sector code
INF/01
Period
1st Semester
Course year
3
Where
VENEZIA
This course introduces basic concepts and techniques for the development of secure applications, systems and networks. The first part is devoted to basic scripting and program analysis tools. The course then illustrates the main attack and defence techniques for applications, systems and networks, with a particular focus on secure programming principles. Students will be challenged with practical problems that require finding and exploiting a vulnerability in example applications.
- knowledge of basic concepts and techniques for the development of secure systems and networks;
- knowledge of attack and defence techniques related to program exploitation, system, network and web security;
- skills related to securing real systems and networks, developed through practical exercises.
Basic knowledge of programming, computer architectures, operating systems and computer networks is required.
1. Background and tools
1.1 Introduction to Unix shell
1.2 Stream editor and regular expressions
1.3 Introduction to Python

2. Program analysis
2.1 Assembly x86-64
2.2 Dynamic program analysis

3. Program exploitation
3.1 Buffer overflow
3.2 Stack overflow
3.3 Format strings
3.4 Secure coding

4. System and network security
4.1 Identification
4.2 Access control
4.3 Firewalls

5. Web security (server side)
5.1 Web attacks
5.2 SQL injections and defences
5.3 Blind SQL injections

6. Web security (client side)
6.1 Security mechanisms
6.2 Attacks: XSS and CSRF
J. Erickson, Hacking: The Art of Exploitation, No Starch Press, 2008.
The exam consists of a written test that verifies knowledge of the different topics of the course. Assignments are not mandatory; they aim at putting the acquired knowledge into practice and at verifying competence in attacking and securing IT systems and networks. Each assignment consists of a problem (challenge) to solve and gives an extra score on top of the mark of the written test.
Theoretical and practical lectures in class;
Online resources (lecture notes, slides, videos);
Chat and forum;
Challenges on various topics that give extra score.
Italian
written
Definitive programme.
Last update of the programme: 20/04/2020