331 - Network and Web Security - 2018

Table of Contents



  • Lectures are over
  • The exam will take place on Wednesday 21st of March, from 2pm to 5pm in Hux 219



  • Office hours: Thursday 5pm, Hux 441.
  • Please post your questions on our Piazza page!
    • Other students may benefit from your questions, or may know the answer.
    • We will do our best to answer any remaining questions quickly.
  • BYOD
    • We will have some in-class demos. You are welcome to bring your laptop if you want to be hands-on.
    • We may use mentimeter, so bring an internet-enabled device if you want to participate.
  • Slides will be available on CATE the day before the lecture.
  • Suggested reading will be pointed out during the lectures and then posted on this page.
  • This course is not being recorded on Panopto.
  • Timetable:
    • Tue 11am-1pm Hux 311 (lecture)
    • Fri 4pm-5pm Hux 308 (lecture)
    • Fri 5pm-6pm $@#$%!! Hux 219 (lab)
  • For external students: the registration link is here


  • Assessed coursework
    • The exercise was issued here on the 20/2 at 6pm.
    • The (electronic) submission deadline was on the 1/3 at 6pm.
      • The 'Test' on CATE is just a placeholder for your marks, please ignore.
    • Marks and personalised feedback were provided by email on the 2/3 by 8pm.
      • You can still log on the web app and review your submission.
  • Exam
    • Wednesday the 21st of March at 2pm in Hux 219.
    • Answer 3 questions out of 4 in 3 hours.
    • The exam is computer-based
      • Each exam question will be roughly half written, half practical.
      • You will submit the written answers electronically via a web app.
      • For the practical part, you will perform tasks such as code review, pentesting, etc on VMs that you will find already installed on the lab desktop.




sergio.jpg Sergio Maffeis (Lecturer). Sergio is a senior lecturer in Computer Security at Imperial. He received his Ph.D. from Imperial and his MSc from University of Pisa, Italy. Maffeis' research interests include security, formal methods, and programming languages. His recent work focuses on the application of formal methods to web security. You can find out more from his home page.

abdulrahman.jpg Abdulrahman Alsaleh (Tutorial Helper). Abdulrahman is a PhD student at Imperial working on automated reverse engineering of web application security protocols, under the supervision of Dr Maffeis.

federico.jpg Federico Morini (Tutorial Helper). Federico is a Teaching Scholar and PhD student at Imperial. He works on reverse engineering network protocols using only network traffic data, mainly for SCADA networks, under the supervision of Prof Lupu.

giulio.jpg Giulio Zizzo (Tutorial Helper). Giulio is a PhD student at Imperial working on intrusion detection for industrial control systems, under the supervision of Prof Hankin.

Guest Lecturers

marco.jpg Marco Cova (Guest Lecturer). Marco is a senior security researcher and a member of the founding team of Lastline, a company providing anti-malware solutions. Before defecting to industry, he was a Lecturer in Computer Security with the School of Computer Science, University of Birmingham. He has received his PhD from the University of California, Santa Barbara.

ibrahim.png Ibrahim ElSayed (Guest Lecturer). Ibrahim has been a security engineer at Facebook since 2016. Before facebook, he worked as a security consultant. Most of his work was doing penetrations testing (offensive side), now he is more active on the defensive side trying to protect facebook. He enjoys participating to CTFs.

charlie.jpg Charlie Hothersall-Thomas (Guest Lecturer). Charlie graduated in 2014 with a BEng in Computing from Imperial College London, and currently works for Netcraft in Bath. His technical expertise includes web security, TLS and PKI, Linux system administration, Bitcoin, and Tor. He started BrowserAudit as his final year project at Imperial.