|
Messages broadcast via Sigarra |
|
|
Curricular Unit (Sigarra) |
|
|
Schedule |
|
|
Office hours |
|
|
Lessons' Summaries |
|
|
Exams' dates |
|
|
Groups of students |
|
|
About Exams |
Normal Exam 2023/24 |
|
|
Lectures |
0. Presentation |
|
|
1. Introduction (& review) |
|
|
1.A Intro-annex: CIAA simplified |
|
|
2.1 Cryptography Basics |
|
|
2.2 Cryptography - general protection techniques |
|
|
2.3 Cryptography 2nd level (part 1) |
|
|
2.3 Cryptography 2nd level (part 2) |
|
|
3. Software Security Components |
|
|
for printing (4 slides per page) |
|
|
Lectures from OWASP |
|
|
4. Introduction to Blockchain |
|
|
5. Software Security |
|
|
For printing (4 slides/page) |
|
|
Some Less Common Software Vulnerabilities |
|
|
Some Simple Vulnerability Demos |
|
|
6. Identity and Authentication Mechanism |
|
|
For printing (4 slides/page) |
|
|
7. Access Control (Authorization) Security Mechanism |
|
|
For printing (4 slides/page bw) |
|
|
8. Web Security |
|
|
Print version (4 per page) |
|
|
OAuth Demo (with Node and Koa) |
OAuth Koa
=========

This demo contains 3 node.js servers illustrating the OAuth protocol in a simplified implementation. It contains the resource server (resource.js), the authorization (with authentication also) server (authorize.js), and the client application (web app) server (client.js).

The servers were implemented using Koa, a simpler Express replacement, with a separate router file for the API implementations and for generating the web pages (in the client server mostly). The pages are generated using Pug templates containing the HTML (and CSS) and parameters for the content.

To run: Run the three servers in three different command line consoles (>node ....js). From a browser, access the client's home page (http://localhost:9001). See the logs that appear on the consoles as you progress on the web pages. |
|
9. Distributed Systems Security |
|
|
Print version (4 per page) |
|
|
Authentication using asymmetric cryptography and biometry |
Demo with a Web Application and an Android Authenticator app, using QR-codes. |
|
Practical Classes |
Docker-intro |
|
|
1. Spectre Attack Lab |
|
|
Spectre Attack Lab: compiling and running results on jmcruz's machine |
|
|
2. Getting a Digital Certificate |
Getting a Digital certificate from Sectigo-U.Porto for email usage: the right way! |
|
Create a CSR and ask Sectigo-UPdigital for a certificate |
Example of procedure to create a CSR and ask Sectigo-UPdigital for a digital certificate (worked for JMCruz in 1st semester 2024/25!) |
|
3. Pseudo Random Number Generation Lab |
|
|
4. Padding Oracle Attack Lab |
|
|
5. Hash Length Extension Attack Lab |
|
|
6. TLS Lab |
This lab should be completed and reported in two weeks (Apr 10). |
|
Lab setup files |
|
|
TLS protocol overview |
|
|
TLS programming and attacking |
|
|
PKI, CAs, and web server certificates |
|
|
Python TLS wrapper documentation |
|
|
GUI tool to generate certificates and keys (and CAs) for Macs or Windows |
|
|
7. Blockchain Reentrancy Attack |
|
|
Lab setup files |
|
|
Additional Information on Reentrancy Smart Contracts |
|
|
Blockchain Concepts and Ethereum |
|
|
Assignment |
Authorization in a distributed system using RBAC |
|
|
SEED Security Labs |
SEED Project |
|
|
SEED Labs 2.0 |
|
|
SEED Labs @ GitHub |
|