Enterprise and IT Security (ENITS)

Do you aspire to a leadership position in the field of IT security? The advanced, comprehensive Master’s degree program Enterprise and IT Security (ENITS) of Offenburg University will open the doors for you and help you to achieve your goal.

Modul manual


Software Security


The course stands on its own. Prior knowledge of Assembly and C is beneficial, but not required.

Teaching methods Lecture/Lab
Learning target / Competences

After successful participation in the course students shall have

  • knowledge and application skills with selected tools for “reverse engineering”
  • familiarity with basic considerations of security for software components and ability to evaluate them
  • understanding of the impact of security vulnerabilities within software components and competence in hardening/mitigating them
Duration 1
SWS 4.0
Classes 60
Individual / Group work:
Workload 360
ECTS 6.0
Credits and grades

written exam, 90 min. (K90, Software Security) and report (BE, Lab Software Security)

Responsible person

Prof. Dr. Dirk Westhoff

Recommended semester 1
Frequency Every 2nd sem.

Comprehensive knowledge of “reverse engineering” approaches and the capability to judge the security of software-components are increasingly required by potential employers of computer-science graduates.


Software Security

Type Vorlesung
Nr. M+I809
SWS 2.0


  • historical considerations of “reverse engineering” and software security assessment

Reverse engineering

  • overview of reverse engineering tools (system tools, disassemblers, debuggers, decompilers)
  • detailed introduction to different tools, such as gdb and radare2
  • introduction to Assembly and C, with practical examples of reverse engineering
  • architecture-specific differences of reverse engineering of software components
  • introduction of obfuscation methods for hardening

Software security assessment

  • overview of security-critical vulnerabilities in software components (e.g. memory-corruption vulnerability, format-string vulnerability)
  • impact of vulnerabilities with practical examples of “exploitation”
  • detection of vulnerabilities by means of reverse engineering
  • introduction to various security mechanisms for mitigation of such vulnerabilities (data execution prevention, address space layout randomization, stack canaries, etc.)
  • Mark Dowd, John McDonald, Justin Schuh, The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities, 2006.
  • Eldad Eilam, Reversing: Secrets of Reverse Engineering, 2005.
  • Bruce Dang, Alexandre Gazet, Elias Bachaalany, Sébastien Josse, Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation, 2014.

Software Security Labor

Type Labor
Nr. M+I810
SWS 2.0

See M+I809 Software Security


See M+I809 Software Security