PROJEKT: Softwaresicherheit - WS 2005/06
18.342 Projekt: Softwaresicherheit (Teil 1)
Time: Wednesday 14:00-18:00 (4 SWS)
Location: F-633 [SVS Lab]
Organisers: Joachim Posegga; Robert Olotu, Daniel Schreckling
Schedule for talks
In this section you will find the titles of the talks scheduled within this lab. If you are interested in a talk that has not been assigned yet, send an email to Daniel Schreckling.
NOTE: There are no more slots for group presentations left.
| Date | Title | Name(s) |
|---|---|---|
| 26.10. | Karate and Computer Science - Know How and the Consequences | Stefan Kürten, Florian Rudolph |
| 02.11. | Web (Database) Applications and SQL | Alice Winnicki, Nadine Wunderlich |
| 09.11. | Session Management and PHP Insecurities | Roland Illig |
| 16.11. | Secure (Web-)Application Development Guidelines (OWASP, NIST, ...) | Hennes Schäfer |
| | Aufbau von ASP.Net Applikationen (German) | Christopher Otsubo |
| 23.11. | Linux process address space (layout, variables, dynamic memory, stack, heap) | Lorenz Knies, Othello Maurer |
| 30.11. | Project Presentations | M.Johns, H.C.Pöhls, D.Schreckling, J.Seedorf |
| 07.12. | C programs, assembler code and ELF binaries | Benjamin Wagrocki |
| 14.12. | Shell code (construction, use, problems) | Dennis Bliefernicht |
| 21.12. | Buffer Overflow Protection Mechanisms and Heap Overflows | Moritz Jodeit, Jeremias Reith |
| 11.01. | Format strings - Syntax, Options, Functionality, Pitfalls ... | Christopher Otsubo |
| 18.01. | Advanced Software Analysis Tools | Stephan Sutardi |
(Sub)Projects
The following list contains the projects offered in the second part of the project, starting on January 25th, 2006. They were presented in the lab session on November 30th, 2005. Follow the links to get the project descriptions or use the SoftSec portal to learn more about them.
Please do not forget to send an email to Daniel Schreckling by December 15th, 2005, indicating the three projects you would most like to participate in. Please order them according to your preference.
| Project | Name | Participants | Tutor |
|---|---|---|---|
| 1 | Testing SIP User Agents | Mieke Hildebrand, Stephan Sutardi, Alice Winnicki | J. Seedorf |
| 2 | Testing SIP Servers | Lorenz Knies, Othello Maurer | |
| 3 | Implementing a B2B User Agent | Christian Beyerlein, Mark Bröcker | |
| 4 | Lightweight Firewall | Stefan Kürten, Florian Rudolph, Benjamin Wagrocki | H.C.Pöhls |
| 5 | Secure IP Stack | | |
| 6 | Security enhanced IDE | Nils Hoier, Hennes Schäfer | M.Johns, D.Schreckling |
| 7 | Security enhanced VCS | Björn Engelmann, Benjamin Leipold | |
| 8 | Control flow analysis of PHP applications | Jeremias Reith, Nadine Wunderlich | |
| 9 | Evaluating and Combination of Security Analysis tools | Moritz Jodeit | |
| 10 | Binary Patching | Dennis Bliefernicht, Roland Illig, Christopher Otsubo | M. Johns |
Note: The (project) links above are only accessible from within the university network.
On December 21st, 2005, we are going to publish the assignment of students to the above projects. Please note that we are going to merge some projects into one. However, the content you will work on will basically remain the same.
Preparatory Meeting
Wednesday, October 5th, 2005, 2 pm, F-633 [SVS Lab]
Attendance at this meeting is obligatory for participating in this class. The program of the project will be presented and preparatory literature will be specified. Additionally, the binding registration will take place during this meeting.
Slides 
The following students are accepted for this lab:
| Name | First name |
|---|---|
| Beyerlein | Christian |
| Bliefernicht | Dennis |
| Bröcker | Mark |
| Engelmann | Björn |
| Hildebrand | Mieke |
| Hoier | Nils |
| Illig | Roland |
| Jodeit | Moritz |
| Knies | Lorenz |
| Kürten | Stefan |
| Leipold | Benjamin |
| Maurer | Othello |
| Otsubo | Christopher |
| Reith | Jeremias |
| Rudolph | Florian |
| Schäfer | Hennes |
| Sutardi | Stephan |
| Wagrocki | Benjamin |
| Winnicki | Alice |
| Wunderlich | Nadine |
Prerequisites
- Vordiplom
- Good programming skills
- Basic knowledge of operating systems
- Basic knowledge of web applications
Project Outline
The project spreads over two semesters. In the first semester, selected topics in the realm of software security will be discussed. It will cover four semester hours and represents the introductory part of this class where you will learn about common challenges, methods for their resolution, and you will need to provide answers to the given problems.
On the basis of the acquired knowledge, you will have to choose among several distinct projects. In groups of three to four students you will work independently on current practical issues in software security. In the second semester of the project, covering two semester hours, regular meetings with your assigned tutor will guide you to a final presentation of your project.
Topics covered
Here are some topics covered in this course. Note that this list is not exhaustive:
- Web-service security
- SQL Injection
- Cross-Site Scripting
- Session Hijacking
- Remote Code Injection
- Input Filtering
- Common vulnerabilities (buffer overflows, integer overflows, signedness problems, format string problems)
  - how do they work
  - how to exploit them
  - how to detect them
  - how to prevent them
- Software analysis tools
More information