22/09/2021 11:00: New year, new site! I reset the team by removing all previous members. This year students are kindly asked to join the team.
26/10/2021 12:00: Thursday lectures will be in room MT10, second floor of Cube 30B.
Thursday in room MT10, Friday in room Stor 7_DSU
30/09/2021 14:30-16:30 - Introduction + Why design matters for security (part 1)
01/10/2021 10:30-13:30 - Why design matters for security (part 2)
07/10/2021 14:30-16:30 - Deep modeling
08/10/2021 10:30-13:30 - Core concepts of Domain-Driven Design
14/10/2021 14:30-16:30 - Code constructs promoting security
15/10/2021 10:30-13:30 - Domain primitives - Part 1
21/10/2021 14:30-16:30 - Domain primitives - Part 2
22/10/2021 10:30-13:30 - Ensuring integrity of state
28/10/2021 14:30-16:30 - Reducing complexity of state
29/10/2021 10:30-13:30 - Handling failures securely
04/11/2021 14:30-16:30 - Introduction to Test-Driven Development
05/11/2021 10:30-13:30 - Advanced tests for Python
11/11/2021 14:30-16:30 - Django REST Framework - Part 1
12/11/2021 10:30-13:30 - Django REST Framework - Part 2
18/11/2021 14:30-16:30 - OWASP Top 10 - Part 1
19/11/2021 10:30-13:30 - OWASP Top 10 - Part 2
25/11/2021 14:30-16:30 - OWASP ZAP
26/11/2021 10:30-13:30 - Student Project
02/12/2021 14:30-16:30 - Student Project
03/12/2021 10:30-13:30 - Student Project
09/12/2021 14:30-16:30 - Student Project
10/12/2021 11:30-13:30 - Exam Simulation
16/12/2021 14:30-16:30 - Student Project Showcase
Slides
Introduction: presentation
Why design matters for security: presentation
Deep modeling: presentation
Core concepts of Domain-Driven Design: presentation
Code constructs promoting security: presentation
Domain primitives: presentation
Ensuring integrity of state: presentation
Reducing complexity of state: presentation
Handling failures securely: presentation
OWASP Top 10: presentation
OWASP ZAP: presentation
Introduction to Test-Driven Design: presentation
Django REST Framework - Part 1: presentation
Django REST Framework - Part 2: presentation
Advanced tests for Python: presentation
Exercises to Solve at Home
Have a look at the end of the slides; some solutions written in class can be found here
WebGoat
SQL Injection on OWASP Mutillidae II up to Client-side Security
OWASP 2013 | A1 Injection (SQL) | SQLi – Extract Data | User Info (SQL)
OWASP 2013 | A1 Injection (SQL) | SQLi – Bypass Authentication | Login
OWASP 2013 | A1 Injection (SQL) | SQLi – Insert Injection | Add to your blog
OWASP 2013 | A1 Injection (SQL) | SQLi – Insert Injection | Register
HTML Injection & XSS on OWASP Mutillidae II up to Client-side Security
OWASP 2013 | A1 Injection (SQL) | SQLi – Insert Injection | View Captured Data
OWASP 2013 | A1 Injection (SQL) | SQLi – Insert Injection | Add to your blog
OWASP 2013 | A1 Injection (SQL) | SQLi – Insert Injection | Register
Books
Secure by Design - Dan Bergh Johnsson, Daniel Deogun, Daniel Sawano - Manning
web page of the book
Web Pages
19/01/2022 09:00
09/02/2022 09:00
22/06/2022 09:00
16/07/2022 09:00
17/09/2022 09:00