About

Useful links

The official course website: https://www.cl.cam.ac.uk/teaching/2223/CySecurity/

Video lectures: https://www.youtube.com/playlist?list=PLbyW0t9gkXg01V21C9QJe9vacExhO_m9p

SEED labs: https://seedsecuritylabs.org/index.html

Supervision work

This course puts significant emphasis on practical work. As such, the supervision work will consist of a mixture of relevant past exam papers and practical labs.

The practical labs can be time-consuming if you get stuck. I expect that you will attempt the set practical work (not being able to finish it is fine as long as you come to the supervision, where we can discuss where you got stuck). Do not Google the answers: you don't get any credit, and you deprive yourself of the opportunity to learn. I suggest attempting the past paper question last so that you benefit from everything you learnt in the practical tasks.

Work is due by 5pm on the day before the supervision.

Supervision 1

Practical:

  1. Environment variable and setuid SEED
  2. Buffer overflow setuid SEED

Please submit a brief summary of your findings (could be text-based or a mixture of text and screenshots).

Past paper:

2013 Paper 4 Question 9 (a) only

Supervision 2

Practicals in decreasing order of priority:

  1. First and foremost SQL injection
  2. Return to libc
  3. If time permits: CSRF

Please submit a brief summary of your findings (could be text-based or a mixture of text and screenshots). Highlight any questions you have that you would like to discuss in the supervision.

Past paper:

2017 Paper 7 Question 14

Theory questions

Describe best practices for storing passwords for a web server.

And finally two fun tasks from 2021

1. What would a security analysis for your bicycle look like? What assets does your bicycle provide to you, and what vulnerabilities and threats to you and others do they create? What other risks and requirements could you face as its owner and user? (Think CIA).

2. What patterns can you spot on slide 125 of https://www.cl.cam.ac.uk/teaching/2021/Security/security-slides.pdf ?


Supervision 3

Practicals:

Past Papers: