Downloads (KU 2013/2014)
Downloads for the practical excercises.
|A Fuzzy Competition - Cry Havoc and Let Slip the Bugs of Software Implementations||Competition Slides|
|P00 Administrative Information||Slides|
|P00 Optional One-Strike-Out Policy||Slides|
|P01 Introduction to the Web Application Security Assignment||Slides|
|P02 Web Application Security 1||Slides|
|P03 Web Application Security 2||Slides|
|P04 Java Cryptography Primer||Slides|
|P05 Introduction to Assignment J||Slides|
|P06 Assignment J - Of Bugs and Certificate Authorities||Slides|
|P07 Introduction to Assignment C1 “Too Big To Fail”||Slides|
|P08 Unsigned Integer Overflows in C||Slides|
|WS - Web Security|
|Baseline patch for Assignment WS (see PDF for details)||ws.patch|
|J - Applied Cryptography and PKI|
|Baseline patch for Assignment J (see PDF for details)||assignment-j.patch|
|Assignment J - patch criticallity check in certificate test cases||j-patch-00.patch|
|C1 - Too Big To Fail|
|Baseline patch for Assignment C1 (see PDF for details)||assignment-c1.patch|
|Additional test-cases for task C1 low-level functions||c1-tests-update1.patch|
|Guestbook Addition to the WS assignment||ws-add-guestbook-to-SASE-SUB-SYSTEM.patch|
|J Cryptography Primer - hellocrypto||sasd.j.crypto.primer.zip|
|Reference Virtual Appliance||SASE2013.ova|
Here are the SHA1 and MD5 hashes of the reference image OVA file, in case you want to check the integrity of your download:
$ sha1sum -b SASE2013.ova 21a3490f4482df3115389823f76ee237eda8a59a *SASE2013.ova $ md5sum -b SASE2013.ova 3a1f40ab07c1ed36214cc73d7872564f *SASE2013.ova
The reference image is based on Xubuntu(Precise Pangolin 12.04 LTS) Linux with Apache Tomcat 7.0.12, Oracle JAVA SDK 1.7.0_40, MySQL 5.5.32, lemon 3.7.9, gperf 3.0.3, clang 3.0.6, CUnit 2.1.2(unstable), wireshark 1.6.7, valgrind 3.7.0 and cppcheck 1.52.
Guestbook addition for the Web Application Security assignment
In the practical exercises lectures, we use a guestbook addition to the SASE SUBMISSION SYSTEM from the WS assignment to illustrate cross-site-scripting, the insufficiency of client side input valiation, and SQL injection vulnerabilities. We have decided to make this guestbook addition available to you as a patch for the original WS assignment.
The guestbook additions are additional material that allows you to experiment with XSS, and SQL Injections. They are not part of the WS assignment! In order to prevent this patch from interfering with the original assignment, we strongly propose to NOT to apply the guestbook addition patch to your submission git repository! Instead, follow these steps if you want to play around with the guest book addition:
- Create a new empty git repository. For example:
$ cd ~ $ mkdir guestbook $ cd guestbook $ git init
- Apply the original WS assignment patch to the new git repository.
$ git am ~/Downloads/assignment-ws.patch
- Apply the guestbook addition patch to the new git repository.
$ git am ~/Downloads/ws-add-guestbook-to-SASE-SUB-SYSTEM.patch
- Create a new empty Eclipse workspace. Detailed steps:
- Create a new directory:
$ cd ~ $ mkdir guestbook-ws
- Stop the Eclipse Apache Server by either making sure Eclipse is shut down, or by stopping it in Eclipse' server tab.
- Open Eclipse.
- Select File Menu/Switch Workspace/Other ...
- Create a new directory:
- Set up the new Eclipse workspace by configuring a Tomcat server and importing the
sase.submission.systemfrom your new git repository into your new Eclipse workspace.To set up the Tomcat Server follow these steps:
To import the WS assignment with the guestbook additions into your workspace, follow the instructions under 3.4 Importing WS project into Eclipse and testing the installation in your Web Application Security assignment.
- In Eclipse select Window Menu/Preferences.
- Open the Server Fold
- Select Runtime Environment
- Select add
- Select Apache Tomcat v7.0 and press Next>
- Select Tomcat directory (Browse->
~/tomcat-7.0.12) and then Finish
- Launch the guestbook in your new Eclipse. You can find details under 3.4 Importing WS project into Eclipse and testing the installation in your Web Application Security assignment.
- Reinitialize the database. Use the new db-init.sql script in
~/guestbook. For details see 3.3 Setting up the database in your Web Application Security assignment.
- Play around with the guestbook.
Do not forget to switch back to your Web Application Security assignment workspace before continuing with the assignment itself.
Practical exercises downloads from previous years
|SASE KU 2008||Archive|
|SASE KU 2009||Archive|
|SASE KU 2010||Archive|
|SASE KU 2011||Archive|
|SASE KU 2012||Archive|