Link Search Menu Expand Document

CS 858 - Software Security (F22 term)

Offensive and Defensive Approaches to Software Security

About CS 858 - Software Security

This course provides an in-depth introduction to the state-of-the-art research on software security from three perspectives:

  • common attack vectors to exploit an unsafe program,
  • common defenses mechanisms proposed and deployed in practice, and
  • powerful techniques that can discover a vulnerability automatically (such that we can prevent a bug from hitting production).

Course Logistics

We meet weekly 1:00pm - 3:50pm on Tuesdays at

  • DC 2585 (for in-person meetings) AND
  • Zoom (for virtual attendance)

This course is run primarily through

  • this website (for public information),
  • HotCRP (for presentation and project peer reviews), and
  • Ugster (for CTF submission).

On this website, everyone, including non-registered students, can access the syllabus, weekly schedule, modules and assignments from this website. However, due to university policies, lecture / seminar recordings (if any), will only be available to enrolled students via LEARN.

The paper presentation and research project assignments will be handled via HotCRP — a popular academic conference management software. All students enrolled in this class will need to create a HotCRP account, preferably with your @uwaterloo.ca email address, and will be assigned the role of PC (Program Committee) member. With this role, you can bid for presentation slots and submit peer reviews and comments.


Latest Announcement

Release of the CTF challenge 2

Nov 1 · 0 min read

Hi Everyone,

The second challenge of this CTF assignment is released. Please visit the CTF assignment page for more details. In this challenge, you will explore a new program optimization practice called fixedpoint optimization.

Be aware that this is still an experimental platform so we do expect bugs in the system. If you encounter one, please do not hesitate to email the instructor directly.

Last but not least, enjoy hacking the static analyzer!

All announcements