Hide menu

TDDC90 Software Security

Labs


General information

Sign up for the labs! Sign-up deadline is November 12.

All three labs must be completed (and given a pass by the lab assistant) before the deadline. You will work at your own pace, but we recommend that you participate in the lab sessions and try to complete the labs according to the schedule. The labs will become easier if you spend some time reading before doing them. You will find reading material on the page with additional reading material.

Deadline: December 17:th at 23:59PM. Lab reports handed in after the deadline will be corrected only as time permits, but latest in March. Reports handed in after the first of March will be corrected latest in June. After the first of June you will have to complete the labs that are part of the coming edition of the course.

PONG

This is the largest lab in the course. You will be working with several aspects of software security using the same codebase throughout.

Ulf Kargén will supervise this lab.

Lab description: LAB-PONG.pdf

Hand-in instructions: Lab reports should be submitted in pdf format to Ulf Kargén (ulf.kargen@liu.se).

Note that it's encouraged to submit individual parts of the Pong lab separately, to get continous feedback as you are working your way through all the tasks. However, if you do so, please use the same email thread for all parts.

Web Security (WEBSEC)

In this lab you will try out some of the vulnerabilities that have been discussed in the course. You will also be given the opportunity to look at how to mitigate the risks that these vulnerabilities pose.

Ulf Kargén will supervise this lab.

Lab description: LAB-WEBSEC.pdf

Hand-in instructions: Lab reports should be submitted in pdf format to Ulf Kargén (ulf.kargen@liu.se).

Note: We have observed a technical problem where the web server in the websec virtual machine appears to fail, leading to an "Unable to connect" error. We are looking into the problem, but in the meantime, simply restarting the VM usually helps. If you experience multiple consecutive failures, you can also try to log out and back in again.

Static Analysis (STATIC)

Ulf Kargén and Ahmed Rezine (ahmed.rezine@liu.se) will jointly supervise the lab.

Lab description: LAB-STATIC.pdf (Note that, even though the lab description instructs to connect to ThinLinc, it works equally well to use the computers in the SU-rooms.)

Lab files: sana.zip

Hand-in instructions: As part of the lab you will need to demo your solution to Ahmed or Ulf. After being passed on the demo, hand in your lab solution (as a pdf) via email to to the lab assistant that you demoed for.


Page responsible: Ulf Kargén
Last updated: 2024-11-06