Vulnerability Analysis and Discovery


General


Semester: Winter 2015/16
Lecturer: Prof. Dr. Konrad Rieck
Assistants: Fabian Yamaguchi, Alwin Maier
Course type: Seminar
Module: M.Inf.1128
ECTS (SWS): 5 (2)
Date: Introduction: 06.11.2015, 14:00-16:00
      Presentations: 05.02.2016, 11:00-15:00
Location: Introduction: Room 1.101
          Presentations: Room 1.101
Audio recording: No.
                 Physical attendance required.
Audience: Applied Computer Science MSc
          Applied Computer Science BSc

Description


The seminar is concerned with the analysis and discovery of security vulnerabilities in software, both in system code and Web applications. We will be reviewing common types of vulnerabilities and their incarnations in open source programs. The student should be comfortable with reading both papers and code.

Presentations


 Time           Paper
 11:00 - 11:30  Format String Vulnerabilities
                Presenter: Robert Kratel
 11:30 - 12:00  Use-after-Free Vulnerabilities
                Presenter: Antonio Bozzano Schwedhelm
 12:00 - 12:30  Heap-Exploitation Techniques
                Presenter: Martin Schwarzmaier
 13:30 - 14:00  Command Injection
                Presenter: Florian Pätzold
 14:00 - 14:30  Attacking Access Control, Session Management
                Presenter: Alexander Trautsch
 14:30 - 15:00  Attacks on Data Stores
                Presenter: Amirreza Fazely

Seminar Steps


 Date Step
 06.11.2015, 14:00-16:00 Introduction and registration
 07.12.2016 Arrange appointment with assistant
 14.12.2016 Discuss draft with assistant
 15.01.2016 Register with examination office (FlexNow)
 04.02.2016 Send slides (PDF) to assistant
 05.02.2016, 11:00-15:00 Final presentation

Results

 MD5 of matriculation number       Grade
 f275f36ca23a41e1db9ddc80925fb3c1  1.3
 78f8513a1239ce4848249ff91c7814b1  5.0
 799a120c0c0f8ebbf46a3c3b333d6f35  2.7
 1c9c741ac89da147de014edee5015ac3  1.7
 f45bf27319b32c2178381c6805f6d880  1.3


Mailing List


There is a mailing list for the seminar. News and updates regarding the seminar are posted to this list. You should register here.