Hide menu

TDDC90 Software Security


General information

Sign up for the labs!

All three labs must be completed (and given a pass by the lab assistant) before the deadline. You will work at your own pace, but we recommend that you visit the lab sessions and try to complete the labs according to the schedule. The labs will become easier if you spend some time reading before doing them. You will find reading material on the page with additional reading material.

Deadline: December 18:th at 6PM. Lab reports handed in after the deadline will be corrected in March. Reports handed in after the first of March will be corrected in June. After the first of June you will have to complete the labs that are part of the coming edition of the course.

Note that due to legal policies you are required to hand in a full printed copy of your lab solutions in a signed IDA lab cover to pass the lab. (You can find these covers in the printer rooms.) See instructions below for specific hand-in instructions for each lab.

Important notice: Both the PONG and WEBSEC labs use localhost for network access. This means that running the lab via ThinLinc will result in network conflicts (since all instances run on the same physical machine). The WEBSEC lab should only by run locally on the machines in the SU-rooms due to security reasons. It is, however, possible to work on the PONG lab from home, but this requires some extra setup effort. See the startup script for the PONG virtual machine for some hints. Note that we cannot provide support for technical issues with running the lab outside of the SU rooms.


This is the largest lab in the course. You will be working with several aspects of software security using the same codebase throughout.

Ulf Kargén (ulf.kargen@liu.se) will be the lab assistant for Group A in Webreg, and Alireza Mohammadinodooshan (alireza.mohammadinodooshan@liu.se) will supervise Group B.

Lab description: LAB-PONG.pdf

Hand-in instructions: Submit your lab report as a pdf to your lab assistant. When your report has been passed in Webreg, hand in a printed copy in a signed lab cover to the assistant, or in the IDA mail-slot next to Café Java.

Web Security (WEBSEC)

In this lab you will try out some of the vulnerabilities that have been discussed in the course. You will also be given the opportunity to look at how to mitigate the risks that these vulnerabilities pose.

Ulf Kargén will be the lab assistant for Group A, and Alireza Mohammadinodooshan will supervise Group B.

Lab description: LAB-WEBSEC.pdf

Hand-in instructions: Submit your printed copy in a signed lab cover to your lab assistant.

Static Analysis (STATIC)

Ulf Kargén and Ahmed Rezine (ahmed.rezine@liu.se) will jointly supervise the lab. (Note that Alireza will NOT be a supervisor for this lab.)

Lab description: LAB-STATIC.pdf

Lab files: static.zip

Hand-in instructions: As part of the lab you will need to demo your solution to either Ulf or Ahmed. After being passed on the demo, simply hand in your lab solution via email to the lab assistant that you demoed for. Finally, when you have received confirmation from your lab assistant that the report is OK, print it and hand it in to Ulf Kargén in a signed lab cover.

Page responsible: Ulf Kargén
Last updated: 2019-11-01