Software and Application Security

This course aims to provide theoretical and hands-on knowledge in software and Internet security. Upon successful completion of this course, the students will be able to:

• Analyze and evaluate application’s source code to discover bugs and vulnerabilities.
• To understand basic concepts of buffer overflows and exploitation
• Apply vulnerability assessment and penetration testing to evaluate the security of an information system.
• To use open-source tools often used in information security
• To carry out security checks and tests in Web applications.
• To be aware of web vulnerabilities and attacks.
• To implement secure websites and configure secure web servers

Memory corruption and buffer overflows. Privilege Escalation. Source code auditing. Fuzzing techniques to discover bugs and vulnerabilities. Advanced memory corruption exploitation. Vulnerability assessment and Penetration testing. Introduction to Web technologies including PHP, HTML, SQL, JavaScript. Cross Site Scripting attacks (XSS) and Cross Site Request Forgery (CSRF) attacks. SQL injection and Local file inclusion attacks (LFI). Remote command execution. Common Flaws and failures in Authentication, Session Management, Access Control mechanisms as well as in cryptographic implementations. Defending web applications with input validation and sanitization methods. Web application penetration testing.

1. “Ασφάλεια Πληροφοριών και Συστημάτων στον Κυβερνοχώρο”, Στέφανος Γκρίτζαλης Σωκράτης Κάτσικας Κωνσταντίνος Λαμπρινουδάκης, Εκδόσεις Νέων Τεχνολογιών, ISBN: 978-960-578-064-7, 2021
2. “Computer Security: A Hands-on Approach 2nd Edition”, Wenliang Du, 978-1733003902, 2020