CSC 472/583 Software Security

Course Overview

This topic is primarily aimed at people interested in software security, reverse engineering and low-level software. In this course, we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them -- such as buffer overflows, SQL injection, and session hijacking -- and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques.

• The legal aspects of reverse engineering.
• Assembly language for IA-32 compatible processors and how to read compiler-generated assembly language code.
• The general principles behind malicious software and how reverse engineering is applied to study such program.

Expected Background

• Basic programming concepts (e.g. complete Java I, II)
• Knowledge with the C programming language, including pointers, arrays, loops, function calls, etc.
• Familiar with Unix/Linux including the command-line shell and gdb
• Familiar with Intel x86 assembly language and architecture
• Familiar with web programming concepts (HTML, HTTP, TCP, network communications)

Textbook

No Textbook

Reference book:

1. Randal E. Bryant, Davie Richard O'Hallaron, Computer Systems: A Programmer's Perspective, 3rd Edition, ISBN 978-0134092669
2. Kris Kaspersky, Hacker Disassembling Uncovered, 2nd Edition, ISBN 978-1931769648
3. Eldad Eilam, Reversing: Secrets of Reverse Engineering, 1st Edition, ISBN 978-0764574818

Course Content

#	Date	Topic	Slides	Supporting Materials
Class 1	Aug 24, 2020	Introduction [Video]	ch01.pdf

Tutorials and Supporting Materials

• How to connect to BadgerCTF
• How to write a lab report
• Download MobaXterm (Windows)
• How to use VIM
• How to use Nano