Analysis and Exploration of Vulnerabilities 2022/2023

Subject lectured to the 1st year of the Masters in Cybersecurity, providing a view over the issue of vulnerability management, it’s assessment, impact, and then exploration.

This edition will be lectured by professor João Paulo Barraca (email: [email protected]). Teaching staff will be available by email and MS Teams, especially during the allocated tutoring slots. The use of the MS Teams platform for direct communication is highly recommended. Official course information will be available in this page, while grades will be available through Elearning.

Classes will be lectured in the Portuguese language, unless there is a foreign student attending. In this case English will be used. All lecture notes and laboratory guides will be made available in English. Examinations will be made available in both English and Portuguese.

Prospecting students should be aware that this subject some knowledge and comprehension of several topics in the areas of networking, software and operating systems, such as: the Python/C/PHP, Linux console usage (mostly Debian), virtual machines, sockets, HTTP and HTML technologies, mobile applications. Although lacking specific knowledge is not critical, the contents will expect you to have some base knowledge on those topics.

Important Dates

  • T1: November 11th

  • T2 and E1: January TBD

  • ES and PS: February TBD

  • EE and PE: September

  • Assignment 1 - December 21st

  • Assignment 2 - December 21st

  • Assignment 3 - January 6th

Planning

According to the UA academic schedule, classes will be lectured from September 23rd, until January 6th. The subject is composed by a 3 hours of theoretical lectures, and 1 hour of tutoring, making a total of 4 hours per week of contact hours. It is expected that students spend an additional 2-3 hours per week exploring the concepts presented during the lectures, preparing projects and assignments. It is also expected them to make use of the tutoring times if they have questions or require some assistance. Theoretical classes will present key aspects related with vulnerability management, vulnerability assessment, relevant vulnerabilities in current service architectures (mostly web or REST based), lower level aspects related with stacks, heaps and other vulnerabilities, and then mobile applications.

The topics lectured in each class should be as presented in the following table. Changes may happen, so please check it frequently.

# Date Topic
1 Sep 23 Course Guidelines, Vulnerabilities
2 Sep 30 Information Leakage
3 Oct 07 Vulnerability Assessment
4 Oct 14 Injection Vulnerabilities: SQLi
5 Oct 21 Injection Vulnerabilities: OS Injection
6 Oct 28 Broken Authentication
9 Nov 04 XSS - Cross Site Scripting
8 Nov 11 Theoretical Test, XSS - Cross Site Scripting
9 Nov 18 Lower level buffer manipulation (Stack)
10 Nov 25 Lower level buffer manipulation (Heap)
11 Dec 02 Lower level buffer manipulation (Print Formats, ROP)
12 Dec 09 Mobile Vulnerabilities
13 Dec 16 Concurrency
14 Jan 06 Defense of Assignment 3

Software

  • Bettercap: The Swiss Army knife for WiFi, Bluetooth Low Energy, wireless HID hijacking and Ethernet networks reconnaissance and MITM attacks.
  • Wireshark: The most popular packet sniffer application.
  • WebGoat: A deliberately insecure web application maintained by OWASP designed to teach web application security lessons.
  • Kali Linux: A popular Penetration Testing Distribution.
  • John the Ripper: A password Cracker.
  • Hashcat: Advanced Password Recovery tool, especially tailored at OpenCL.
  • nmap: Probably the most famous port scanner and recognaissance tool.
  • Burp Suite: Vulnerability assessment tool
  • OWASP ZAP: OWASP Zed Attack Proxy is a vulnerability assessment tool, similar to Burp, but open source.
  • GDB: GDB: The GBU Project Debugger

Websites

Books

Next