Vulnérabilités Logicielles

  • Voir la page en français

    In brief

  • Code : N9EN25A


Learn the following concepts:

    Various software vulnerabilities
        various BOFs (stacks, heaps, BSS)
        format strings
        integer overflow
        SUID program
        return oriented programming
    Static analysis undefined behavior
    Countermeasures (Control Flow integrity, etc.)


The objective of this course is to introduce students to different types of software vulnerabilities that are frequently encountered, especially in programs written in the C language, the language that will be used in this course. The usual memory protection countermeasures to protect against these types of vulnerabilities are also proposed.

At the end of this course, the student will be able to analyze a program and judge its security level by considering the software vulnerabilities presented in this course. He will be able to identify the tests to be performed to highlight the existence of a software vulnerability. He will also be able to compare different countermeasures, to identify the most suitable one to correct a vulnerability and to implement it.

Finally, good development practices for security are exposed. With the help of the OpenBSD case study, students learn for example the right architectural choices and functions of the standard C library to use or avoid.




The National Institute of Electrical engineering, Electronics, Computer science,Fluid mechanics & Telecommunications and Networks

2, rue Charles Camichel - BP 7122
31071 Toulouse Cedex 7, France

+33 (0)5 34 32 20 00


  • Logo MENESR
  • Logo UTFTMP
  • Logo INP
  • Logo INPT
  • Logo Mines télécoms
  • Logo CTI
  • Logo CDEFI
  • Logo midisup