SECURITY

Academic year
2019/2020
Official course title
SICUREZZA
Course code
CT0539 (AF:314738 AR:168583)
Modality
On campus classes
ECTS credits
6
Degree level
Bachelor's Degree Programme
Educational sector code
INF/01
Period
2nd Semester
Course year
3
Where
VENEZIA
This course aims to introduce basic concepts and techniques for the development of secure applications, systems and networks. The first part is devoted to basic scripting and program analysis tools. The course then illustrates the main attack and defence techniques for applications, systems and networks, with a particular focus on secure programming principles. Students will be challenged with practical problems that require finding and exploiting a vulnerability in example applications.
- knowledge of basic concepts and techniques for the development of secure systems and networks;
- knowledge of attack and defence techniques related to program exploitation, system, network and web security;
- skills related to securing real systems and networks, developed through practical exercises.
Basic knowledge of programming, computer architectures, operating systems and computer networks is required.
1. Background and tools
1.1 Introduction to Linux shell
1.2 Introduction to Python
1.3 Intel assembly
1.4 Program analysis

2. Program exploitation
2.1 Overflow and stack protection
2.2 Overwriting the return address
2.3 Format strings
2.4 Secure programming and countermeasures

3. System and network security
3.1 Identification
3.2 Access control
3.3 Firewall configuration

4. Web security (server side)
4.1 SQL injections
4.2 Blind SQL injections
4.3 Prevention of server side attacks

5. Web security (client side)
5.1 Cross site scripting (XSS)
5.2 Cross site request forgery (CSRF)
5.3 Prevention of client side attacks
J. Erickson, Hacking: The Art of Exploitation, No Starch Press, 2008.
The exam consists of a written test that aims at verifying the knowledge of the different topics of the course. Assignments are not mandatory; they aim at putting into practice the knowledge acquired and at verifying the competence in attacking and securing IT systems and networks. Each assignment consists of a problem (challenge) to solve and gives an extra score with respect to the mark of the written test.
Theoretical and practical lectures in class;
Online resources (lecture notes, slides, videos);
Chat and forum;
Challenges on various topics that give extra score.
Italian
written
Definitive programme.
Last update of the programme: 23/07/2019