After the course students can:
- explain how standard C data types are represented, and write C programs to inspect and manipulate these representations
- explain how the stack and heap are used to allocate data in C programs
- write C programs that make use of pointers and pointer arithmetic
- explain how the stack is used to administer procedure calls
- explain how buffer overflows work
- explain some of the countermeasures against these vulnerabilities, how these work, and apply some of them
- develop simple exploits for code with buffer overflow weaknesses

Most security problems have their origin in software, especially software that is accessible via the internet. This course is about software security vulnerabilities: the standard types of such vulnerabilities, what causes them, what can be done about them, and how they can be detected and exploited.
This course concentrates on typical security problems in C(++) programs and machine code, related to memory management: buffer overflows (on heap and stack), integer overflows, and format string attacks.