Questões de Segurança em Engenharia de Software

2019/20

Mestrado em Segurança Informática
Departamento de Ciência de Computadores
Faculdade de Ciências da Universidade do Porto

Home | Lectures | Projects | Exams | Piazza

Lectures

Slides

Security and Software Engineering - introduction

All input is evil

Injection vulnerabilities

Web application vulnerabilities

Buffer overflow vulnerabilities

Software testing

Concurrency and Security

Laboratory exercises

Lab 1 - injection, SQLi, input validation

Google Cloud Platform setup

Lab 2 - Web application vulnerabilities (part 1)

Lab 3 - Web application vulnerabilities (part 2)

Lab 4 - C programs: memory safety, buffer overflows, use of runtime sanitizers

Lab 5 - buffer overflows and stack-smashing attacks

Lab 6 - unit testing, fuzzing