Workshop Information
Costs: Free of charge
Registration: Now closed; successful registrants have been notified via emails.
Medium of instruction: English (students can ask questions in English/Mandarin/Cantonese)
Learning Outcomes:
- Get introduced to basic concepts of information representation, encoding, and encryption.
- Get familiarized with classic ciphers, understand why we no longer use them today, and try hands-on exercises in breaking them.
- Acquire basic knowledge on input validation and some related vulnerabilities, and perform hands-on exploit in a controlled environment.
Date and Time: Jul 31 (Wed) - Aug 02 (Fri) 14:00 - 18:15
Location: William M W Mong Engineering Building (ERB) 1004
Instructor: Prof. Sze Yiu, CHAU
Topics and schedule
| Date & time | Topics | Resources |
|---|---|---|
| Jul 31 (Wed) 14:00 - 16:00 | Basic Python | Slides, Lab manual |
| Jul 31 (Wed) 16:00 - 16:15 | short break | |
| Jul 31 (Wed) 16:15 - 18:15 | Information encoding & representation | Lab manual |
| Aug 01 (Thr) 14:00 - 16:00 | Fun with ciphers I | Slides, Lab manual |
| Aug 01 (Thr) 16:00 - 16:15 | short break | |
| Aug 01 (Thr) 16:15 - 18:15 | Fun with ciphers II | Lab manual |
| Aug 02 (Fri) 14:00 - 16:00 | Input validation & Web security | Slides, Lab manual |
| Aug 02 (Fri) 16:00 - 16:15 | short break | |
| Aug 02 (Fri) 16:15 - 18:15 | Input validation & System exploits | Lab manual |
Interactive programming environment and challenges:
- Please go to https://iesummerworkshop.github.io
FAQs
Should I bring my own computing equipment?
We will use the computers in ERB 1004 for this workshop. There is no need to bring your own laptops.
Where is ERB 1004?
ERB 1004 is located on the 10/F of the William M W Mong Engineering Building (see it on Google Maps).
To get there on foot from the University station, you can follow the map below:
Fun stuff to see/read
Online resources
- Hacking Enterprise Wi-Fi and VPNs
- Great Crypto Failures
- The Six Dumbest Ideas in Computer Security
- Official CVE Twitter account
- U.S. NVD Data Feeds
Books
- The Fuzzing Book
- Michael Howard, David LeBlanc, John Viega, "24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them", 1st Edition, McGraw-Hill Education
- Michael Howard, Steve Lipner, "The Security Development Lifecycle", Microsoft Press, Free ebook from Microsoft Press
- Gary McGraw, "Software Security: Building Security In", 1st Edition, Addison-Wesley
- Chris Wysopal, Lucas Nelson, Dino Dai Zovi, Elfriede Dustin, "The Art of Software Security Testing: Identifying Software Security Flaws", 1st Edition, Addison-Wesley
- Jonathan Katz, Yehuda Lindell, "Introduction to Modern Cryptography", 2nd Edition, CRC Press
- Adam Shostack, "Threat Modeling: Designing for Security", 1st Edition, Wiley