For the last three years I've been giving a trimestral course on secure coding at the University of León, in Spain. The course is based on secure coding for C, Java and a little bit of PHP. The following is the list of subjects explored in the course:
- Lesson 1.- Buffer overflows
- Lesson 2.- System Memory and memory corruption
- Lesson 2bis.- Strings
- Lesson 3.- Formatted Output
- Lesson 4.- OS protections
- Lesson 5.- Introduction to assembly
- Lesson 5bis.- Introduction to exploiting
- Lesson 6.- Coding concurrency problems
- Lesson 7.- Secure coding on File System access
- Lesson 8.- Secure coding on OO programming (Methods)
- Lesson 9.- Web secure coding with PHP (Part I)
- Lesson 10.- Web secure coding with PHP (Part II)
The course included two practical classes which dealt with "Introduction to exploiting". The course included three assignments in which the students were asked to explain the functioning of a current real vulnerability and associate it with any of the subjects that were being given in class; in another, they were asked to exploit a simple program and exploit bWAPP.
Next I will include some links to PDFs that were given in class:
- Lesson 1.- Buffer overflows
- Lesson 2.- System Memory and memory corruption
- Lesson 2bis.- Strings
- Lesson 3.- Formatted Output
- Lesson 4.- OS protections
- Lesson 5.- Introduction to assembly
- Lesson 5bis.- Introduction to exploiting
- Lesson 6.- Coding concurrency problems
- Lesson 7.- Secure coding on File System access
- Lesson 8.- Secure coding on OO programming (Methods)
- Lesson 9.- Introduction to exploiting (Part II)
- Lesson 10.- Web secure coding with PHP (Part I)
- Lesson 11.- Web secure coding with PHP (Part II)
Source code for the exploiting exercises (although very simple) is included next:
...BTW pdfs are NOT malicious, ;-P just confirm it at virustotal.com