CA647 Secure Programming

Darragh O'Brien B.Sc. Ph.D., School of Computing, Dublin City University

• Timetable
• Lectures
• Labs
• VMWare
• Assignments
• Further reading
• Practicums

• Up to lecture 16 online
  

• Lab 9 online
  

• Assignment 1 online: Due Friday 27 November
  

• Lab exam scheduled for Tuesday 8 December
  

Useful links

Websites

CERT Secure Coding
CERT Secure Coding Standards
Mitre CWE
Top 25 Coding Errors
Microsoft SDL
BSIMM

C programming

Steve Holmes
David Marshall
Electronic copy of Deep C Secrets by Peter van der Linden in library

GDB

The GDB manual

Other courses

Seacord's Secure C Programming
Peine's Secure Programming
Meunier's Secure Programming
Computer Security at Berkeley
Security video lectures from Google
William Stallings website
Security videos from Microsoft

Lectures

1-up	4-up	Topic	Video
Lecture 01	Lecture 01	Introduction	Intro, software, gcc
Lecture 02	Lecture 02	The stack	1, 2, 3, 4, 5, 6
Lecture 03	Lecture 03	Linking	1, 2, 3, 4
Lecture 04	Lecture 04	Processes	1, 2, 3
Lecture 05	Lecture 05	Insecure C	2, 3, 4
Lecture 06	Lecture 06	Shellcode	1, 2, 3
Lecture 07	Lecture 07	Defences	1, 2, 3
Lecture 08	Lecture 08	Permissions	1, 2, 3, 4, 5, 6
Lecture 09	Lecture 09	Guidelines	1, 2, 3
Lecture 10	Lecture 10	Integers	1, 2, 3, 4, 5, 6
Lecture 11	Lecture 11	Arc injection	1, 2, 3, 4
Lecture 12	Lecture 12	Web security	2, 3
Lecture 13	Lecture 13	Web security	1, 2, 3, 4
Lecture 14	Lecture 14	Web security	1, 2, 3, 4, 5
Lecture 15	Lecture 15	Security policy	No video
Lecture 16	Lecture 16	Access control	1, 2, 3
Lecture 17	Lecture 17
Lecture 18	Lecture 18
Lecture 19	Lecture 19
Lecture 20	Lecture 20
Lecture 21	Lecture 21

Labs

Lab #01, video [Process layout]
Lab #02 [Vulnerabilities]
Lab #03 [Shellcode]
Lab #04 [Revision]
Lab #05 [Permissions]
Lab #06 [Integers]
Lab #07
Lab #08 [Revision]
Lab #09 [Web security]
Lab #10
Microsoft virtual labs
SEED labs

Revision

Unix
Arc and heap overflow attacks
Integers
Web security

VMWare

If you do not want to go to the trouble of installing gcc yourself a VMWare appliance with gcc-3.4.6 already installed is available for download here. The image is 1.5Gb in size so download it on our network. The virtual machine is configured to use the School of Computing's network. Usernames (and corresponding passwords) are student and root. To unpack the appliance you will need the software available here. To use it you will have to install the free VMWare Player.

FAQ

Q. How do I unpack the appliance?
A. You can use the software available here.

Q. How do I change the keyboard layout in Linux?
A. Go to Applications->System->Configuration-> Configure X11 System (Sax2). From there select keyboard and configure it appropriately.

Q. How do I disable/enable address space randomisation?
A. sudo /sbin/sysctl kernel.randomize_va_space=0|1.

Q. How do I do so permanently?
A. Add kernel.randomize_va_space=0 to /etc/sysctl.conf and reboot.

Assignments

Assignment #01
Assignment #02

Assignment results

Results

Further reading

Further reading

Practicums

Practicums

Valid XHTML | Valid CSS | Copyright © Darragh O'Brien | Design by SmallPark