Workshop Information

Costs: Free of charge

Registration: Now closed; successful registrants have been notified via emails.

Medium of instruction: English (students can ask questions in English/Mandarin/Cantonese)

Learning Outcomes:

  1. Get introduced to basic concepts of information representation, encoding, and encryption.
  2. Get familiarized with classic ciphers, understand why we no longer use them today, and try hands-on exercises in breaking them.
  3. Acquire basic knowledge on input validation and some related vulnerabilities, and perform hands-on exploit in a controlled environment.

Date and Time: Jul 31 (Wed) - Aug 02 (Fri) 14:00 - 18:15

Location: William M W Mong Engineering Building (ERB) 1004

Instructor: Prof. Sze Yiu, CHAU

Topics and schedule

Date & time Topics Resources
Jul 31 (Wed) 14:00 - 16:00 Basic Python Slides, Lab manual
Jul 31 (Wed) 16:00 - 16:15 short break
Jul 31 (Wed) 16:15 - 18:15 Information encoding & representation Lab manual
Aug 01 (Thr) 14:00 - 16:00 Fun with ciphers I Slides, Lab manual
Aug 01 (Thr) 16:00 - 16:15 short break
Aug 01 (Thr) 16:15 - 18:15 Fun with ciphers II Lab manual
Aug 02 (Fri) 14:00 - 16:00 Input validation & Web security Slides, Lab manual
Aug 02 (Fri) 16:00 - 16:15 short break
Aug 02 (Fri) 16:15 - 18:15 Input validation & System exploits Lab manual

Interactive programming environment and challenges:


FAQs

Should I bring my own computing equipment?

We will use the computers in ERB 1004 for this workshop. There is no need to bring your own laptops.

Where is ERB 1004?

ERB 1004 is located on the 10/F of the William M W Mong Engineering Building (see it on Google Maps).

To get there on foot from the University station, you can follow the map below:

map


Fun stuff to see/read

Online resources

Books

  • The Fuzzing Book
  • Michael Howard, David LeBlanc, John Viega, "24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them", 1st Edition, McGraw-Hill Education
  • Michael Howard, Steve Lipner, "The Security Development Lifecycle", Microsoft Press, Free ebook from Microsoft Press
  • Gary McGraw, "Software Security: Building Security In", 1st Edition, Addison-Wesley
  • Chris Wysopal, Lucas Nelson, Dino Dai Zovi, Elfriede Dustin, "The Art of Software Security Testing: Identifying Software Security Flaws", 1st Edition, Addison-Wesley
  • Jonathan Katz, Yehuda Lindell, "Introduction to Modern Cryptography", 2nd Edition, CRC Press
  • Adam Shostack, "Threat Modeling: Designing for Security", 1st Edition, Wiley