Application Security


SemesterWinter 2022
Course typePractical Course/ Lab
LecturerFelix Dörre, Jeremias Mechler, Max Noppel, Prof. Dr. Jörn Müller Quade, Jun.-Prof. Dr. Wressnegger
AudienceInformatik Master & Bachelor
Credits4 ECTS
Room252, Building 50.34
LanguageEnglish and/or German


In this course you are learning techniques for exploiting software bugs as well as common countermeasures. By solving practical exercises your gather hands-on experience in the following topics:

  • Buffer Overflows
  • Shellcode Injection
  • Return Oriented Programming
  • Format String Attacks
  • Address Space Layout Randomization
  • Stack Canaries

In most cases, you will obtain a "flag" (a short code) for which you are awarded points, that in turn are required to pass the course. Flags need to be submitted here.


The affinity to low-level work and basic but solid programming skills in a language of your choice (e.g., Python) are necessary to fully enjoy the course. Moreover, basic programming skills in Python are required for a (small) part of the lab. Knowledge of C or x86-assembly language is helpful, but we will cover the very basics during the lab. Furthermore, a certain familiarity with a linux command line environment is assumed. You need to have successfully passed the following (bachelor) courses:

  • "Rechnerorganisation", and
  • "Betriebssysteme" (Operating Systems)