Schedule

The following course schedule is non-binding and may change at any time and without prior announcement.

| Date | Lecture Topic | VOTD | Lecturer | BiBiFi Contest |
|---|---|---|---|---|
| 01.02.18 | no lecture | | | |
| 12.10.17 | Intro | CSRF | Mory | Introduction to the contest |
| 19.10.17 | Requirements, Misuse & Abuse Cases | SQL Injection | Dann | Introduction to Build It |
| 26.10.17 | System Design / Threat Modeling | XSS | Geismann | |
| 02.11.17 | Risk Management & Test Planning | Log overflow, Path traversal | Bodden | |
| 09.11.17 | Defensive Coding / Pitfalls | Confused deputy | Bodden | |
| 16.11.17 | Correct usage of security mechanisms | Java reflection abuse | Bodden | Introduction to Break-It |
| 23.11.17 | Applied Crypto; then Guest Talk by Mindsquare | Hardcoded credentials, Embedded DTDs | Bodden, Harmes | |
| 30.11.17 | Applied Crypto (continued); then presentation about new tool CogniCrypt | Hashing without salt, Poor PRNGs | Bodden | |
| 07.12.17 | Memory Corruption Attacks | Integer overflow, Buffer overflow | Mory | |
| 14.12.17 | Code Inspection | OS command injection, Uncontrolled format string | Bodden | |
| ----- | End of 4CP-Course | ----- | ----- | ----- |
| 21.12.17 | Vulnerability Assessment | Cache poisoning | Bodden | Introduction to Fix-It |
| 11.01.18 | Deployment | Race condition / time of check, time of use | Bodden | |
| 18.01.18 | Insider Threats; VKrit | TBA | Dann | |
| 25.01.18 | Usability, Recap | TBA | Bodden | Explanations of vulnerabilities from Fix-It |