Application Security


SemesterWinter 2021
Course typePractical Course/ Lab
LecturerFelix Dörre, Jeremias Mechler, Max Noppel, Prof. Dr. Jörn Müller Quade, Jun.-Prof. Dr. Wressnegger
AudienceInformatik Master & Bachelor
Credits4 ECTS
Room252, Building 50.34 Online
LanguageEnglish and/or German

Remote Course

Due to the ongoing COVID-19 pandemic, this course is going to take place remotely, meaning, the kick-off meeting and the individual units will happen online. Please consult the ILIAS course web page for further details.


In this course you are learning techniques for exploiting software bugs as well as common countermeasures. By solving practical exercises your gather hands-on experience in the following topics:

  • Buffer Overflows
  • Shellcode Injection
  • Return Oriented Programming
  • Format String Attacks
  • Address Space Layout Randomization
  • Stack Canaries

In most cases, you will obtain a "flag" (a short code) for which you are awarded points, that in turn are required to pass the course. Flags need to be submitted here.


The affinity to low-level work and basic but solid programming skills in a language of your choice (e.g., Python) are necessary to fully enjoy the course. Moreover, basic programming skills in Python are required for a (small) part of the lab. Knowledge of C or x86-assembly language is helpful, but we will cover the very basics during the lab. Furthermore, a certain familiarity with a linux command line environment is assumed. You need to have successfully passed the following (bachelor) courses:

  • "Rechnerorganisation", and
  • "Betriebssysteme" (Operating Systems)