Application Security (Summer Semester 2023)
Lecturer:
Dr. Anne Kayem
(Internet-Technologien und -Systeme)
General Information
- Weekly Hours: 4
- Credits: 6
- Graded: yes
- Enrolment Deadline: 01.04.2023 - 07.04.2023
- Teaching Form: Lecture
- Enrolment Type: Compulsory Module
- Course Language: English
Programs, Module Groups & Modules
- Cybersecurity
- HPI-CS-A Application Security
- HDAS: Health Data Security
- HPI-HDAS-C Concepts and Methods
- HDAS: Health Data Security
- HPI-HDAS-T Technologies and Methods
- HDAS: Health Data Security
- HPI-HDAS-S Specialization
- DAPP: Data Applications
- HPI-DAPP-K Konzepte und Werkzeuge
- DAPP: Data Applications
- HPI-DAPP-T Techniken und Werkzeuge
- DAPP: Data Applications
- HPI-DAPP-S Spezialisierung
- HPI-SSE-S Systems Foundations
- SSYS: Software Systems
- HPI-SSYS-C Concepts and Methods
- SSYS: Software Systems
- HPI-SSYS-T Technologies and Tools
- SSYS: Software Systems
- HPI-SSYS-S Specialization
- OISY: Online and Interactive Systems
- HPI-OISY-C Concepts and Methods
- OISY: Online and Interactive Systems
- HPI-OISY-T Technologies and Tools
- OISY: Online and Interactive Systems
- HPI-OISY-S Specialization
Description
Course Description
Software applications have become an integral part of daily life, sharing information across devices pervasively and seamlessly to conduct an ever-growing number of computing operations. One result of this ubiquity is the complexity of designing and maintaining these applications in ways that guarantee security in addition to reliability and availability. Data and application breaches reported in the mainstream press, such as the MyFitnessPal security breach in 2018 that resulted in hackers acquiring the private data of more than 150 million users, underline the importance of secure design and coding. The goal of this course, therefore, is to learn how to identify, fix, and prevent security vulnerabilities.
In order to achieve this, we will study the principles, methods, and approaches needed for the development of secure applications such as web, mobile, and classic applications. This will be achieved through a series of twice-weekly lectures during this summer semester, focused on studying methods of analysing software applications to identify and analyse vulnerability classes and corresponding attack vectors on a theoretical as well as practical level.
Topics to be covered include:
- Confidentiality, Integrity, and Trust management
- Secure databases
- Flaws (Vulnerabilities) in Applications
- Threats and Attack Vectors
- Data Flow and Interprocedural Analysis
- ...
Requirements
Prerequisites:
- Algorithms and Data Structures
- Programming skills in any one (or several) of the following: C, C++, Java, Python, JavaScript, PHP, and SQL
Literature
References and study material will be provided on a per-lecture basis.
Learning
At the end of this course you should be able to do the following:
- Critically assess applications for robustness to security vulnerabilities at different stages of the application's lifecycle such as design, implementation, maintenance, and upgrades
- Design secure applications by adopting secure by design principles
- Critically analyse applications for security flaws and threats
- Design features to counter identified threats
Examination
Project work will be organised as a series of weekly assignments, with tasks to be completed on a pre-prepared platform. Results from these assignments will be graded for a total of 30% of the final grade. Participant groups will give a 20-minute presentation showcasing one (1) vulnerability exploit and one (1) mitigation, based on a platform of choice. Presentations will count for 20% of the final grade. The final exam will count for 50% of the final grade. A summary is provided below:
| Grading Rubric | When? | Grade % |
|---|---|---|
| Presentation (20 minutes / group) | July 19, 2023 | 20% |
| Assignments (bi-weekly) | Starting 24.04.2023 | 30% |
| Written Exam (90 mins) | 26.07.2023 at 13.30 | 50% |
Dates
Lectures will be held weekly as follows:
- Tuesdays: 09.15 - 10.45am (Lecture in H.E.51/52)
- Wednesdays: 13.30 - 15.00 (Project Work Discussions: H.E.51/52 or Zoom - TBD)
However, please note that the first lecture on April 18 at 9.15am will be held in K.1.02.
To register for the course, please navigate to the course website on HPI Moodle and use AS-2023 to enroll.