IT-systems are constantly under attack, by various kinds of attackers with diverse interests: criminal organizations with monetary interests, intelligence agencies, industrial espionage by states and companies.
The course covers the most common attack vectors on computer systems, including mobile devices, and the web. These include, for example, stack and heap overflows, format string vulnerabilities, integer overflows, return-oriented-programming, Cross-Site-Scripting (CSS/XSS), SQL Injections, and Cross-Site-Request-Forgery (XSRF), etc.
The course also discusses common defense mechanisms, including, for example, access control mechanisms, address space layout randomization (ASLR), static code analysis, security monitoring, input/output sanitization, prepared statements, etc.
You have to obtain at least 50% of all points in the homework in order to be admitted to the final exam.
The exam will either be a written exam (90 minutes) or an oral exam (30 minutes), depending on the number of participants.
Both the lecture and the exercise are held in English.