Hasso-Plattner-InstitutSDG am HPI
Hasso-Plattner-InstitutDSG am HPI
Login
 

Application Security (Sommersemester 2023)

Lecturer: Dr. Anne Kayem (Internet-Technologien und -Systeme)

General Information

  • Weekly Hours: 4
  • Credits: 6
  • Graded: yes
  • Enrolment Deadline: 01.04.2023 - 07.04.2023
  • Teaching Form: Lecture
  • Enrolment Type: Compulsory Module
  • Course Language: English

Programs, Module Groups & Modules

Cybersecurity MA
Digital Health MA
Data Engineering MA
  • DAPP: Data Applications
    • HPI-DAPP-K Konzepte und Werkzeuge
  • DAPP: Data Applications
    • HPI-DAPP-T Techniken und Werkzeuge
  • DAPP: Data Applications
    • HPI-DAPP-S Spezialisierung
Software Systems Engineering MA

Description

Course Description

Software applications have become an integral part of daily life, sharing information across devices pervasively and seamlessly to conduct and ever growing number of computing operations. One of the results of software application ubiquity is the complexity of designing and maintaining these applications in ways that guarantee security in addition to reliability and availability. Main stream press examples of data and application breaches such as the case of the MyFitnessPal security breach in 2018 that resulted in hackers acquiring the private data of more than 150 million users, underline the importance of secure design and coding. The goal of this course therefore, is to learn how to identify, fix, and prevent security vulnerabilities.

In order to achieve this, we will study the principles, methods, and approaches needed for the development of secure applications such as web, mobile, and classic applications. This will be achieved through a series of twice weekly lectures during this summer semester, focused on studying methods of analysing software applications to identify and analyse vulnerability classes and corresponding attack vectors on a theoretical as well as practical level.

Topics to be covered include:

  • Confidentiality, Integrity, and Trust management
  • Secure databases 
  • Flaws (Vulnerabilities) in Applications
  • Threats and Attack Vectors
  • Data Flow and Interprocedural Analysis
  • ...

Requirements

Prerequisites:

  • Algorithms and Data Structures
  • Programming skills in any one (or several) of the following: C, C++, Java, Python, Javascript, PHP, and SQL

Literature

References and Study Material will be provided on a per lecture basis.

Learning

At the end of this course you should be able to do the following:

  • Critically assess applications for robustness to security vulnerabilities at dierent stages of the application's lifecycle such as design, implementation, maintenance, and upgrades
  • Design secure applications by adopting secure by design principles
  • Critically analyse applications for security flaws and threats
  • Design features to counter identied threats

Examination

Project work will be organised as a series of weekly assignments, with tasks to be completed on a pre-prepared platform. Results from these assignments will be graded for a total of 30% of the final grade. Participant groups will give a 20 minute presentation show casing one (1) vulnerability exploit and one (1) mitigation, based on a platform of choice. Presentations will count for 20% of the final grade. The final exam will count for 50% of the final grade. A summary is provided below:

Grading Rubric When? Grade %
Presentation (20 minutes / group) July 19, 2023 20%
Assignments (bi-weekly) Starting 24.04.2023 30%
Written Exam (90 mins) 26.07.2023 at 13.30 50%

Dates

Lectures will hold weekly as follows: 

  • Tuesdays: 09.15 - 10.45am (Lecture in H.E.51/52)
  • Wednesdays: 13.30 - 15.00 (Project Work Discussions: H.E.51/52 or Zoom - TBD)

However, please note that the first lecture on April 18 at 9.15am will hold in K.1.02.

To register for the course, please navigate to the course website on HPI moodle and use: AS-2023 to enroll.

Zurück