Hide menu

TDDC90 Software Security


General information

Sign up for the labs!

All three labs must be completed (and given a pass by the lab assistant) before the deadline. You will work at your own pace and may work from home, but we recommend that you visit the lab sessions and try to complete the labs according to the schedule. The labs will become easier if you spend some time reading before doing them. You will find reading material on the page with additional reading material.

Deadline: December 16:th at 6PM. Lab reports handed in after the deadline will be corrected in March. Reports handed in after the first of March will be corrected in June. After the first of June you will have to complete the labs that are part of the coming edition of the course.

Note that due to legal policies you are required to hand in a full printed copy of your lab solutions in a signed IDA lab envelope to pass the lab. See instructions below for specific hand-in instructions for each lab.


This is the largest lab in the course. You will be working with several aspects of software security using the same codebase throughout. As part of the lab you are required to enter a group number when generating virtual machine instances. Use your webreg group number. If for whatever reason your group number doesn't work, ask your lab assistant for help.

Rahul Hiran will be the lab assistant for all groups.

Lab description: LAB1-PONG.pdf

Hand-in instructions: Submit your lab report as a pdf to rahul.hiran@liu.se. When Rahul has passed your report, hand in a printed copy in a signed lab envelope to Ulf Kargén, or in the IDA mail-slot next to Café Java.

Static Analysis (STATIC)

Ahmed Rezine and Ulf Kargén will jointly supervise the lab.

Lab description: LAB2-STATIC.pdf

Lab files: static.zip

Hand-in instructions: As part of the lab you will need to demo your solution to either Ulf or Ahmed. After being passed on the demo, simply hand in your lab solution via email to the lab assistant that you demoed for. Finally, when you have received confirmation from your lab assistant that the report is OK, print it and hand it in to Ulf Kargén in a signed lab envelope.

Web Security

In this lab you will try out some of the vulnerabilities that have been discussed in the course. You will also be given the opportunity to look at how to mitigate the risks that these vulnerabilities pose.

Marcus Bendtsen will be the lab assistant for all groups.

Lab description: LAB3-WEBSEC.pdf

Hand-in instructions: Submit your printed copy in a signed lab envelope to Marcus Bendtsen.

Page responsible: Nahid Shahmehri
Last updated: 2016-11-16