703340 VU Further Topics in Secure and Distributed Computing: Static Program Analysis for (Web) Security

winter semester 2025/2026 | Last update: 29.07.2025
VU 3
5
weekly
annually
English

After passing this course, the student has gained an understanding of general static program analysis concepts, as well as hands-on experience using these concepts to analyze PHP programs. This course covers fundamental concepts such as Abstract Syntax Trees (AST), Control Flow Graphs (CFG), Program Dependency Graphs (PDG), Call Graphs, and their combination into a Code Property Graph (CPG). Each covered concept is then applied to analyzing real-life PHP applications for common data and control flow vulnerabilities, using basic graph traversal approaches and slicing.

The goal of this course is to provide practical understanding and hands-on experience in conducting static program analysis to identify security vulnerabilities. We will cover the required concepts and apply them in hands-on exercises analyzing PHP applications. 

  • Representing programs as a graph: AST, CFG, PDG, Call Graph, Code Property Graphs
  • Common data and control flow vulnerabilities in PHP web applications such as XSS, SQLi, CMDi, execution after redirect, or race conditions
  • Leveraging path traversal and slicing to identify vulnerabilities in applications

The course is a continuous assessment course.

Students attending this course should have experience in programming, at least in Java, preferably across multiple languages. The main programming languages of this course are PHP and Scala 3, a JVM language close to Java. We will cover the required basics for both languages, but students are expected to deepen their understanding at home.

The accompanying material and tools are written in Scala 3, and students are expected to work with and extend this tooling. 

This course is given in English, and all resources will be provided in English.

see dates
Group 0
Date | Time | Location
Wed 2025-10-01 | 13.45 - 16.15 | rr 26
Wed 2025-10-08 | 13.45 - 16.15 | rr 26
Wed 2025-10-15 | 13.45 - 16.15 | rr 26
Wed 2025-10-22 | 13.45 - 16.15 | rr 26
Wed 2025-10-29 | 13.45 - 16.15 | rr 26
Wed 2025-11-05 | 13.45 - 16.15 | rr 26
Wed 2025-11-12 | 13.45 - 16.15 | rr 26
Wed 2025-11-19 | 13.45 - 16.15 | rr 26
Wed 2025-11-26 | 13.45 - 16.15 | rr 26
Wed 2025-12-03 | 13.45 - 16.15 | rr 26
Wed 2025-12-10 | 13.45 - 16.15 | rr 26
Wed 2026-01-07 | 13.45 - 16.15 | rr 26
Wed 2026-01-14 | 13.45 - 16.15 | rr 26
Wed 2026-01-21 | 13.45 - 16.15 | rr 26
Wed 2026-01-28 | 13.45 - 16.15 | rr 26
Group | Booking period
703340-0 | 2025-09-01 08:00 - 2025-09-21 23:59
Koch S.