Vulnerability Analysis and Discovery
General
Semester | Winter 2015/16 |
Lecturer | Prof. Dr. Konrad Rieck |
Assistants | Fabian Yamaguchi, Alwin Maier |
Course type | Seminar |
Module | M.Inf.1128 |
ECTS (SWS) | 5 (2) |
Date | Introduction: 06.11.2015, 14:00-16:00 Presentations: 05.02.2016, 11:00-15:00 |
Location | Introduction: Room 1.101 Presentations: Room 1.101 |
Audio recording | No. Physical attendance required. |
Audience | Applied Computer Science MSc Applied Computer Science BSc |
Description
The seminar is concerned with the analysis and discovery of security vulnerabilities in software, both in system code and Web applications. We will be reviewing common types of vulnerabilities and their incarnations in open source programs. The student should be comfortable with reading both papers and code.
Presentations
Time | Paper |
11:00 - 11:30 | Format String Vulnerabilities |
Presenter: Robert Kratel | |
11:30 - 12:00 | Use-after-Free Vulnerabilities |
Presenter: Antonio Bozzano Schwedhelm | |
12:00 - 12:30 | Heap-Exploitation Techniques |
Presenter: Martin Schwarzmaier | |
13:30 - 14:00 | Command Injection |
Presenter: Florian Pätzold | |
14:00 - 14:30 | Attacking Access Control, Session Management |
Presenter: Alexander Trautsch | |
14:30 - 15:00 | Attacks on Data Stores |
Presenter: Amirreza Fazely |
Seminar Steps
Date | Step |
06.11.2015, 14:00-16:00 | Introduction and registration |
07.12.2016 | Arrange appointment with assistant |
14.12.2016 | Discuss draft with assistant |
15.01.2016 | Register with examination office (FlexNow) |
04.02.2016 | Send slides (PDF) to assistant |
05.02.2016, 11:00-15:00 | Final presentation |
Results
MD5 of matriculation number | Grade |
f275f36ca23a41e1db9ddc80925fb3c1 | 1.3 |
78f8513a1239ce4848249ff91c7814b1 | 5.0 |
799a120c0c0f8ebbf46a3c3b333d6f35 | 2.7 |
1c9c741ac89da147de014edee5015ac3 | 1.7 |
f45bf27319b32c2178381c6805f6d880 | 1.3 |
Mailing List
There is a mailing list for the seminar. News and updates regarding the seminar are posted to this list. You should register here.