URL study guide
https://tue.osiris-student.nl/onderwijscatalogus/extern/cursus?cursuscode=2DMI20&collegejaar=2025&taal=en
Description
"Cryptography is typically bypassed, not penetrated", Turing Award winner Adi Shamir famously said. In fact, most security problems are not due to weak cryptography but arise when systems are implemented and software errors occur. In an adversarial setting, attackers may be able to exploit these errors for malicious purposes.
This course consists of a series of lectures that focus on the most important ideas in Software Security. Correspondingly, the focus is on concepts and not practical application. This course is not a lab. However, lectures will be accompanied by CTF challenges.
Objectives
The purpose of this course is to become familiar with how system vulnerabilities arise on the software layer and how to protect against them.
At the end of the course, students should be able to:
- have a good understanding of the fundamental limitations in software security and, based on that, evaluate the feasibility and effectiveness of practical techniques to find weaknesses.
- understand the fundamental root causes of software errors and the costs of the techniques to find them.
- analyze code and find programming errors.
- know and understand the most important security weaknesses in practice as well as effective techniques to avoid them. These techniques range from a defensive choice of programming language to analytic techniques like static code analysis, fuzzing, and formal verification.
- apply countermeasures appropriately to mitigate weaknesses.
- apply a holistic approach (7+1 kingdoms) to finding security weaknesses that covers all aspects of a system, and use that to decompose complex systems and application scenarios.
- create original solutions to weaknesses.