Applications 2024-02-15 - 2024-08-09
COURSE DESCRIPTION
Every sector of the global economy relies on software. This makes software one of the principal targets for state-sponsored groups, military, criminals and other type of adversaries. Such attacks try to exploit insecure code, that is seemingly innocent bugs, which allow the adversaries to obtain unauthorized access to information or to take full control of compromised systems. The purpose of this course is to train software professionals in understanding in depth how insecure code can be exploited. In addition, it will equip them with knowledge in how to defend against this type attacks.
The course begins by analyzing technical, psychological, and real-world factors that lead to production of vulnerable code. This is important knowledge for both developers and managers as it allows them to take actions that mitigate the impact of these factors, both when programming is performed but also during project management.
Software exploits use specially crafted input data to applications and services to leverage logic flaws in the code that processes the input. Typically, the exploits overwrite specific structures in the program memory space, which allows them to bypass access control mechanisms and/or execute code provided as part of the input data. Therefore, a large part of the course is dedicated to understanding how exploits are constructed, essentially learning attackers’ “modus operandi”.
This course provides an understanding of automating software testing using program analysis with the goal of intelligently and algorithmically creating tests. The course covers search-based test generation, combinatorial and random testing while highlighting the challenges associated with the use of automatic test generation. You will learn: Understand algorithmic test generation techniques and their use in developer testing and continuous integration. Understand how to automatically generate test cases with assertions. Have a working knowledge and experience in static and dynamic generation of tests. Have an overview knowledge in search-based testing and the use of machine learning for test generation.
This course deals with model-based testing, a class of technologies shown to be effective and efficient in assessing the quality and correctness of large software systems. Throughout the course the participants will learn how to design and use model-based testing tools, how to create realistic models and how to use these models to automate the testing process in their organisation.
The aim of this course is to provide participants with the principles behind model-driven development of software systems and the application of such a methodology in practice. Modelling is an effective solution to reduce problem complexity and, as a consequence, to enhance time-to-market and properties of the final product.
The purpose is to give the students an overview of issues and methods for development and assurance of safety-critical software, including details of selected technologies, methods and tools. The course includes four modules: Introduction to functional safety; knowledge that give increased understanding of the relationship between Embedded systems / safety-critical system / accidents / complexity / development models (development lifecycle models) / certification / “the safety case”. Analysis and modelling methods; review of analysis and modelling techniques for the development of safety-critical systems. Verification and validation of safety critical software, methods and activities to perform verification and validation. Architectures for safety critical systems. Safety as a design constraint.
The aim of this course is to give students insight about certification and about what it means to certify/self-assess safety- critical systems with focus on software system and to create a safety case, including a multi-concern perspective when needed and reuse opportunities, when appropriate.
This course provides an understanding of the fundamental problems in software testing, as well as solid foundation in the practical methods and tools for a systematic state-of-the-art approach to testing of software.