Downloads (KU 2012/2013)
Downloads for the practical excercises.
Slides
| Type | Title | Link |
|---|---|---|
 |
P00 Administrative Information | Slides |
|
P01 Introduction to the Web Security Assignment | Slides |
|
P02 Web Security Assignment | Slides |
|
P03 Integer Overflows and Arithmetic Effects (Updated) | Slides |
|
P04 C2 - Buffer Overflows (Part I) | Slides |
|
P05 C2 - Buffer Overflows (Part II) | Slides |
|
P06 C3 - Format strings | Slides |
|
P07 Valgrind and Friends | Slides |
|
P08 C4 - Registry | Slides |
|
P09 C4 - Registry II | Slides |
|
P10 Applied Cryptography in Java | Slides, Example code |
|
P11 Assignment J | Slides |
|
P12 Of Bugs and Certificate Authorities | Slides |
Assignments
| Type | Title | Link |
|---|---|---|
|
WS - Web Security | |
|
C1 - Integer Overflows | |
 |
Baseline patch for task C1 (see PDF for details) | PATCH |
|
C1: Source code for the UnsafeOid Java program | Tarball |
|
C2 - Buffer Overflows | |
|
Baseline patch for task C2 (see PDF for details) | PATCH |
|
C3 - Binary data (bpack) and format strings | |
|
Baseline patch for task C3 (see PDF for details) | PATCH |
|
C4 - The registry | |
|
Baseline patch for task C4 (see PDF for details) | PATCH |
|
J - Applied Cryptography and PKI | |
|
Baseline patch for task J (see PDF for details) | PATCH |
|
J: Example data with Zippy the bug inside | Tarball |
Virtual Appliance
| Type | Title | Link |
|---|---|---|
 |
Reference Virtual Appliance (64-bit version) | SASE12.ova |
 |
GPG signature of the reference virtual appliance (64-bit version) OVA file | SASE12.ova.asc |
|
Reference Virtual Appliance (32-bit version) | SASE12_32.ova |
|
GPG signature of the reference virtual appliance (32-bit version) OVA file | SASE12_32.ova.asc |
We have added a 32-bit version of the virtual appliance reference image which can be used on x86 processor which lack 64-bit support and/or hardware virtualization extensions. In general we recommend to use the 64-bit appliance when possible on your host computer's processor and operating system.
One of our tutors (Sebastian Ramacher) has signed the reference applicance OVA file with his PGP public key (Key ID: 6EA71993). You can verify the integrity and authenticity of your downloaded reference image using PGP or GnuPG. If you have GnuPG (GPG) installed the following command line calls can be used:
#
# 64-bit appliance
#
$ gpg --recv-keys 6EA71993
$ gpg --verify SASE12.ova.asc SASE12.ova
#
# 32-bit appliance
#
$ gpg --recv-keys 6EA71993
$ gpg --verify SASE12_32.ova.asc SASE12_32.ova
Here are the SHA1 and SHA256 hashes of the reference image OVA file, in case you are just interested in the integrity of your download:
#
# 64-bit appliance
#
$ sha1sum -b SASE12.ova
02ae9f08ac4b6318a6d23db0c1bf8ad6a4eb76dd *SASE12.ova
$ sha256sum -b SASE12.ova
6b4e062cef21ef0a34f5e7caf7f46f8fba02fd679ff217ee12f2e58f4aeb0ae4 *SASE12.ova
#
# 32-bit applicance
#
$ sha1sum -b SASE12_32.ova
aaedcdd94c68bd263eb39ebb54bc1e5ae2f61605 *SASE12_32.ova
$ sha256sum -b SASE12_32.ova
d8d83329bd11dadfda06ea57a332f2b1af37d13d9fec5d9f96bfdb0c706b2108 *SASE12_32.ova
The reference image is based on Debian GNU Linux with Apache 2.2.22, PHP 5.4.4-7 and MySQL 5.5.24.
KU downloads from previous years
| Type | Title | Link |
|---|---|---|
 |
SASE KU 2008 | Archive |
|
SASE KU 2009 | Archive |
|
SASE KU 2010 | Archive |
|
SASE KU 2011 | Archive |