Schedule
The following course schedule is non-binding and may change at any time and without prior announcement.
No. | Date | Lecture Topic | VOTD | Lecturer |
1 | 06.04.22 | Intro | CSRF | Bodden |
2 | 13.04.22 | Requirements, Misuse & Abuse Cases | SQL Injection | Bodden |
3 | 20.04.22 | System Design / Threat Modeling | XSS | Venkatesh |
4 | 27.04.22 | Risk Management & Test Planning | Log overflow, Path traversal | Schott |
5 | 04.05.22 | Defensive Coding / Pitfalls | Confused deputy | Bodden |
6 | 11.05.22 | Correct usage of security mechanisms / Applied Crypto | Hardcoded credentials, Hashing without salt | Bodden |
7 | 18.05.22 | Applied Crypto (continued) | Embedded DTDs, Poor PRNGs | Schott |
8 | 25.05.22 | Code Inspection | OS command injection, Uncontrolled format string | Bodden |
9 | 01.06.22 | Vulnerability Assessment | Cache poisoning | Bodden |
---- | ----- | End of 4CP-Course | ----- | ----- |
10 | 08.06.22 | Deployment | Race condition / time of check, time of use | Bodden |
11 | 15.06.22 | Insider Threats | TBA | Bodden |
12 | 22.06.22 | Usability | TBA | Bodden |
13 | 29.06.22 | TBA | | |
14 | 06.07.22 | Professional trainings in Secure Software Engineering | - | Dziwok |
15 | 13.07.22 | Recap | | Bodden |