Skip to main content
CODE 101811
ACADEMIC YEAR 2026/2027
CREDITS
SCIENTIFIC DISCIPLINARY SECTOR INF/01
LANGUAGE English
TEACHING LOCATION
  • GENOVA
SEMESTER 1° Semester

OVERVIEW

The course aims at making developers aware that (poorly written) programs can be exploited for malicious purposes, making them act in unintended ways. This goal is achieved by showing how binary programs can be analysed and exploited.
Moreover, the course describes how to design & write secure software, i.e., resistant to attack by malicious or mischievous people or programs.
Analysis procedures in adversarial contexts, such as malware analysis, will be also discussed.

AIMS AND CONTENT

LEARNING OUTCOMES

Learning how to write secure code, analyze the behavior and assess security properties of source and binary programs, pinpointing and fix their vulnerabilities or apply corrective counter-measures.

AIMS AND LEARNING OUTCOMES

At the end of the course, students will be able to:

  • write secure code
  • assess security properties of source and binary programs
  • pinpoint program vulnerabilities
  • fix vulnerabilities or apply corrective counter-measures.

For the 9-CFU path, students will be also able to analyze programs in adversarial contexts; e.g., malware samples.

PREREQUISITES

Proficiency in programming, familiarity with C (especially direct memory management) and operating system concepts.

TEACHING METHODS

Class lectures and hands-on activities.

Some topics and exercises, explicitly marked as such in the support material, are optional for students with the "6-CFU version".

Students who hold valid certificates relating to Specific Learning Difficulties (SLD), disabilities or other educational needs are invited to contact the lecturer and the school’s disability liaison officer at the start of the course to agree on any teaching arrangements which, whilst respecting the course objectives, take into account individual learning styles. 

The contact details for the university’s disability liaison officer are available at the following link: https://unige.it/commissioni/comitatoperlinclusionedeglistudenticondisabilita.

SYLLABUS/CONTENT

  • Introduction
  • What binaries are, and how they get executed
  • Dynamic Analysis
  • Static Analysis
  • Secure coding; common weaknesses
  • Anti-analysis techniques and malware analysis
  • Exploitation

Some topics and exercises, explicitly marked as such in the support material, are optional for students with the "6-CFU version".

RECOMMENDED READING/BIBLIOGRAPHY

Support material and recommended bibliography will be available on AulaWeb.

TEACHERS AND EXAM BOARD

LESSONS

LESSONS START

https://easyacademy.unige.it/portalestudenti/index.php?view=easycourse&_lang=it&include=corso

Class schedule

The timetable for this course is available here: Portale EasyAcademy

EXAMS

EXAM DESCRIPTION

Hands-on session and oral discussion.

Guidelines for students with certified Specific Learning Disorders, disabilities, or other special educational needs are available at https://corsi.unige.it/en/corsi/10852/studenti-disabilita-dsa

ASSESSMENT METHODS

The examination will assess the ability of analysing programs for security vulnerabilites, developing simple exploits and applying corrective fixes. Moreover, the knowledge of concepts presented in lectures, and the ability to analyse and articulate them clearly.

9-CFU students may be assigned malware/malware-like samples to analyze.

FURTHER INFORMATION

For further information, please refer to the course’s AulaWeb module or contact the instructor.

Students with valid certifications for Specific Learning Disorders (SLD) may request accommodations for exams at least 7 days prior to the exam date by filling out the “accommodation request form” (available via online services at https://modulionline.unige.it/richiesta-adattamenti# no-back), which will be automatically forwarded by the system to the instructor in charge of the course and to the faculty liaison for students with disabilities and SLDs in their School/Department. 

The student will receive a copy of their request.