Software and Application Security

Teaching Staff: Ntantogian Christoforos
Code: MO130
Course Type: Direction of CSC - Compulsory
Course Level: Undergraduate
Course Language: Greek
Semester: 6th
ECTS: 5
Teaching Units: 5
Lecture Hours: 4
Lab/Tutorial Hours: 2L
Total Hours: 6
Curricula: Revamped Curriculum in Informatics from 2025

Short Description:

The course focuses on a key area of cybersecurity: software and application security. It covers memory overflow techniques, fuzzing, and modern methods of vulnerability exploitation. Students learn to analyze source code, identify and evaluate weaknesses, and apply penetration testing techniques on Linux and Windows systems. The course also examines web application attacks such as XSS, CSRF, SQL Injection, and LFI, along with best practices for authentication security. Open-source tools are extensively used, and the course explores the application of artificial intelligence for automated vulnerability detection and security analysis of modern information systems.

Objectives - Learning Outcomes:

Upon successful completion of the course, the student will be able to:

Analyze and assess source code to identify new vulnerabilities and exploit them to demonstrate attacks.
Apply penetration testing methodologies and techniques to evaluate the security of an information system.
Use a wide range of open-source tools commonly employed in the field of information system security.
Perform security assessments of web applications.
Recognize and understand the most common types of attacks targeting web applications.
Identify current research trends and evaluate their potential impact on the field of cybersecurity in the coming years.

Syllabus:

Software attacks using memory-overflow techniques. Source-code analysis. Fuzzing techniques for automated discovery of logic errors and software vulnerabilities. Modern vulnerability exploitation techniques. Privilege escalation on Linux and Windows systems. Vulnerability assessment and security testing of information systems. Introduction to web technologies such as PHP, HTML, SQL, and JavaScript. Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks. SQL injection and Local File Inclusion (LFI) attacks. Flaws in authentication, session management, access control mechanisms, and cryptographic solutions. Web application security testing. Use of artificial intelligence in software and application security.

Suggested Bibliography:

“Ασφάλεια Πληροφοριών και Συστημάτων στον Κυβερνοχώρο”, Στέφανος Γκρίτζαλης Σωκράτης Κάτσικας Κωνσταντίνος Λαμπρινουδάκης, Εκδόσεις Νέων Τεχνολογιών, ISBN: 978-960-578-064-7, 2021
“Computer Security: A Hands-on Approach 2nd Edition”, Wenliang Du, 978-1733003902, 2020

Teaching Methods:

Teaching Methods