Checking date: 16/05/2025 21:53:04


Course: 2025/2026

Software systems exploitation
(12386)
Master in Cybersecurity (Plan: 325 - Estudio: 288)
EPI


Coordinating teacher: GONZALEZ MANZANO, LORENA

Department assigned to the subject: Computer Science and Engineering Department

Type: Compulsory
ECTS Credits: 3.0 ECTS

Course:
Semester:




Requirements (Subjects that are assumed to be known)
None
Objectives
This course contributes to the following learning outcomes: Explain at least one way of compromising a system which have detected vulnerabilities. Justify through reasoned reports the detected vulnerabilities and the detailed procedure to be followed to perform the intrusion. Explain other attack techniques to a system that is not vulnerable to direct intrusion. Propose different attacks that may be performed from inside a system in a controlled environment and explain the consequences.
Learning Outcomes
Description of contents: programme
System Software Exploitation: 1. Introduction 1.1. Vulnerabilities in Software Components 1.2. Exploitation mechanisms 1.3. Exploitation Laboratory and Tools 2. Software Explotation 2.1. Segmentation Faults 2.2. Input validation and code injection 2.3. Race conditions 2.4. Privilege-confusion 2.5. User interface exploitation 2.6. Configuration and functionality abuse 2.7. Cache exploitation 3. Web system exploitation 3.1. Channel vulnerabilities 3.2. Server vulnerabilities 3.3. Browser vulnerabilities 4. Vulnerability and exploitation information sources 4.1. Repositories 4.2. Representation standards and information exchange languages
Learning activities and methodology
TRAINING ACTIVITIES Theoretical classes Laboratory classes Tutorial sessions Individual work TEACHING METHODOLOGIES Teachers use computer and audiovisual media to explain the main concepts of the subject. Literature is provided to support students' learning. Reading recommended texts: newspaper articles , reports, manuals and / or academic papers, either to expand or to consolidate the knowledge of the subject. Preparation of laboratory reports individually or in groups.
Assessment System
  • % end-of-term-examination/test 40
  • % of continuous assessment (assigments, laboratory, practicals...) 60

Calendar of Continuous assessment


Basic Bibliography
  • Eagle, C. The IDA pro book: the unofficial guide to the world's most popular disassembler. No Starch Press. 2008
  • Klein, T. A Bug Hunter's Diary. No Starch Press. 2011
  • Ross Anderson. Security engineering. John Wiley & Sons. 2008
  • Stuttard, D., & Pinto, M.. The web application hacker's handbook: discovering and exploiting security flaws. John Wiley & Sons. 2008
Recursos electrónicosElectronic Resources *
Additional Bibliography
  • Anley, C., Heasman, J., Lindner, F., & Richarte, G.. The Shellcoder's Handbook: Discovering and Exploiting Security Holes. John Wiley & Sons.. 2011
  • Dhanjani, N., Rios, B., & Hardin, B. . Hacking: The next generation. O'Reilly Media, Inc.. 2009
  • Drake, J. J., Lanier, Z., Mulliner, C., Fora, P. O., Ridley, S. A., & Wicherski, G. . Android Hacker's Handbook. John Wiley & Sons. 2014
  • Gilberto Najera-Gutierrez. Kali Linux Web Penetration Testing Cookbook: Identify, Exploit, and Prevent Web Application Vulnerabilities with Kali Linux 2018. x. Packt Publishing Ltd.. 2018
  • Hope, P., & Walther, B.. Web Security Testing Cookbook: Systematic Techniques to Find Problems Fast. O'Reilly Media, Inc. 2008
  • Miller, C., Blazakis, D., DaiZovi, D., Esser, S., Iozzo, V., & Weinmann, R. P. IOS Hacker's Handbook. John Wiley & Sons. 2012
Detailed subject contents or complementary information about assessment system of B.T.
(*) Access to some electronic resources may be restricted to members of the university community and require validation through Campus Global. If you try to connect from outside of the University you will need to set up a VPN


The course syllabus may change due academic events or other reasons.