Computer and Network Security


Course Objective

This is a course on security with a focus on systems work. At the end of
the course students will deeply understand the concepts of
memory corruption attacks (buffer overflows, format strings, etc.),
network attacks (such as spoofing, scanning, sniffing, DoS, and TCP
hijacking), and web attacks such as SQL injection, cross-site scripting,
and other vectors used by computer hackers. Besides basic attacks,
students will also learn about state-of-the-art exploitation methods.
The course is very(!) hands-on.

Course Content

The course covers a wide spectrum of security issues. We explicitly
focus on systems security rather than cryptography (although there
will be a little of that too), as we want to show students how attackers
penetrate systems and most security issues are not due to bad crypto.

Specifically, the course focuses on (1) network security (sniffing,
spoofing, hijacking, exploiting network protocols, DDoS, DNS attacks,
etc.), (2) memory corruption and application security (buffer overflows,
format string bugs, dangling pointers, shellcode, return-oriented
programming, ASLR/DEP/canaries, control flow integrity and
cool new ways of exploitation), (3) web security (XSS, SQL
injection, CSRF, HTTP cache poisoning, SOP, authentication, etc.),
(4) crypto (basics, systems aspects).

Much of the course will be hands-on and challenge-based. In assignments,
students will carry out and investigate attacks in a controlled
environment. This involves programming at both the highest and
lowest levels (say SQL and assembly).

Teaching Methods

Lectures and (very challenging) practical assignments.

Method of Assessment

Written exam (30%) and practical assignments (70%).

There is no resit opportunity for the practical assignments.

Entry Requirements

Knowledge of C is highly essential.


No set book. All material will be made available during the course.

Recommended background knowledge

No formal requirements, except a keen interest and sufficient time.

Programming experience in C very strongly recommended.

Knowledge of assembly and computer architecture helps too.

General Information

Course Code X_400127
Credits 6 EC
Period P1
Course Level 400
Language of Tuition English
Faculty Faculty of Science
Course Coordinator prof. dr. ir. H.J. Bos
Examiner prof. dr. ir. H.J. Bos
Teaching Staff prof. dr. ir. H.J. Bos

Practical Information

You need to register for this course yourself

Last-minute registration is available for this course.

Teaching Methods Lecture
Target audiences

This course is also available as: