Secção Nome Descrição
Pasta de ficheiros Messages broadcasted via Sigarra
Hiperligação Curricular Unit (Sigarra)
Hiperligação Schedule
Página Office hours
Hiperligação Lessons' Summaries
Hiperligação Exams' dates
Ficheiro Groups of students
About Exams Ficheiro Normal Exam 2023/24
Lectures Ficheiro 0. Presentation
Ficheiro 1. Introduction (& review)
Ficheiro 1.A Intro-annex: CIAA simplified
Ficheiro 2.1 Cryptography Basics
Ficheiro 2.2 Cryptography - general protection techniques
Ficheiro 2.3 Cryptography 2nd level (part 1)
Ficheiro 2.3 Cryptography 2nd level (part 2)
Ficheiro 3. Sofware Security Components
Ficheiro for printing (4 slides per page)
Página Lectures from OWASP
Ficheiro 4. Introduction to Blockchain
Ficheiro 5. Software Security
Ficheiro For printing (4 slides/page)
Página Some Less Common Software Vulnerabilities
Ficheiro Some Simple Vulnerability Demos
Ficheiro 6. Identity and Authentication Mechanism
Ficheiro For printing (4 slides/page)
Ficheiro 7. Access Control (Authorization) Security Mechanism
Ficheiro For printing (4 slides/page bw)
Ficheiro 8. Web Security
Ficheiro Print version (4 per page)
Ficheiro OAuth Demo (with Node and Koa)

OAuth Koa
=========

This demo contains 3 node.js servers illustrating the OAuth protocol in a simplified implementation. It contains the resource server (resource.js), the authorization (with authentication also) server (authorize.js), and the client application (web app) server (client.js).
The servers were implemented using Koa, a simpler Express replacement, with a separate router file for the API implementations and for generating the web pages (in the client server mostly). The pages are generated using Pug templates containing the HTML (and CSS) and parameters for the content.

To run:
Run the three servers in three different command line consoles (>node ....js).
From a browser, access the client's home page (http://localhost:9001).

See the logs that appear on the consoles as you progress on the web pages.
Ficheiro 9. Distributed Systems Security
Ficheiro Print version (4 per page)
Pasta de ficheiros Authentication using asymmetric cryptography and biometry

Demo with a Web Application and an Android Authenticator app, using QR-codes.
Practical Classes Ficheiro Docker-intro
Pasta de ficheiros 1. Spectre Attack Lab

seedsecuritylabs.org/Labs_20.04/System/Spectre_Attack
Ficheiro Spectre Attack Lab: compiling and running results on jmcruz's machine
Pasta de ficheiros 2. Getting a Digital Certificate

Getting a Digital certificate from Sectigo-U.Porto for email usage: the right way!
Ficheiro create a CSR and ask Sectigo-UPdigital for a certificate

Example of procedure to create a CSR and ask Sectigo-UPdigital for a digital certificate
(worked for JMCruz in 1st semestre 2024/25!)
Pasta de ficheiros 3. Pseudo Random Number Generation Lab

seedsecuritylabs.org/Labs_20.04/Crypto/Crypto_Random_Number
Pasta de ficheiros 4. Padding Oracle Attack Lab

seedsecuritylabs.org/Labs_20.04/Crypto/Crypto_Padding_Oracle
Pasta de ficheiros 5. Hash Length Extension Attack Lab

seedsecuritylabs.org/Labs_20.04/Crypto/Crypto_Hash_Length_Ext
Ficheiro 6. TLS Lab

This lab should be completed and reported in two weeks (Apr 10).
Ficheiro Lab setup files
Ficheiro TLS protocol overview
Ficheiro TLS programming and attacking
Ficheiro PKI, CAs, and web server certificates
Hiperligação Python TLS wrapper documentation
Hiperligação GUI tool to generate certificates and keys (and CAs) for Macs or Windows
Ficheiro 7. Blockchain Reentrancy Attack
Ficheiro Lab setup files
Ficheiro Additional Information on Reentrancy Smart Contracts
Ficheiro Blockchain Concepts and Ethereum
Assignment Ficheiro Authorization in a distributed system using RBAC

Presentation at May 29.
SEED Security Labs Hiperligação SEED Project
Hiperligação SEED Labs 2.0
Hiperligação SEED Labs @ GitHub