课程信息
4.6
702 个评分
168 个审阅
This course we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them -- such as buffer overflows, SQL injection, and session hijacking -- and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. Importantly, we take a "build security in" mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems. Successful learners in this course typically have completed sophomore/junior-level undergraduate work in a technical field, have some familiarity with programming, ideally in C/C++ and one other "managed" program language (like ML or Java), and have prior exposure to algorithms. Students not familiar with these languages but with others can improve their skills through online web tutorials....
Stacks

Course 2 of 5 in the

Globe

100% 在线课程

立即开始,按照自己的计划学习。
Calendar

可灵活调整截止日期

根据您的日程表重置截止日期。
Clock

Approx. 22 hours to complete

建议:6 weeks of study, 3-5 hours/week...
Comment Dots

English

字幕:English, Korean...

您将获得的技能

Fuzz TestingBuffer OverflowSql InjectionPenetration Test
Stacks

Course 2 of 5 in the

Globe

100% 在线课程

立即开始,按照自己的计划学习。
Calendar

可灵活调整截止日期

根据您的日程表重置截止日期。
Clock

Approx. 22 hours to complete

建议:6 weeks of study, 3-5 hours/week...
Comment Dots

English

字幕:English, Korean...

教学大纲 - 您将从这门课程中学到什么

Week
1
Clock
完成时间为 2 小时

OVERVIEW

Overview and expectations of the course...
Reading
3 个视频(共 26 分钟), 4 个阅读材料, 1 个测验
Video3 个视频
What is software security?7分钟
Tour of the course and expected background11分钟
Reading4 个阅读材料
Introductory Reading10分钟
Syllabus10分钟
FAQ and Errata10分钟
Glossary10分钟
Quiz1 个练习
Qualifying Quiz30分钟
Clock
完成时间为 2 小时

LOW-LEVEL SECURITY

Low-level security: Attacks and exploits ...
Reading
6 个视频(共 50 分钟), 2 个阅读材料, 2 个测验
Video6 个视频
Memory Layout11分钟
Buffer Overflow6分钟
Code Injection6分钟
Other Memory Exploits11分钟
Format String Vulnerabilities6分钟
Reading2 个阅读材料
Week 1 Reading10分钟
Project 110分钟
Quiz2 个练习
Week 1 quiz30分钟
VM BOF quiz24分钟
Week
2
Clock
完成时间为 2 小时

DEFENDING AGAINST LOW-LEVEL EXPLOITS

Defending against low-level exploits...
Reading
7 个视频(共 79 分钟), 1 个阅读材料, 1 个测验
Video7 个视频
Memory Safety16分钟
Type Safety4分钟
Avoiding Exploitation9分钟
Return Oriented Programming - ROP11分钟
Control Flow Integrity14分钟
Secure Coding18分钟
Reading1 个阅读材料
Week 2 Reading10分钟
Quiz1 个练习
Week 2 quiz30分钟
Week
3
Clock
完成时间为 3 小时

WEB SECURITY

Web security: Attacks and defenses...
Reading
10 个视频(共 101 分钟), 2 个阅读材料, 2 个测验
Video10 个视频
Web Basics10分钟
SQL Injection10分钟
SQL Injection Countermeasures9分钟
Web-based State Using Hidden Fields and Cookies13分钟
Session Hijacking6分钟
Cross-site Request Forgery - CSRF6分钟
Web 2.05分钟
Cross-site Scripting13分钟
Interview with Kevin Haley21分钟
Reading2 个阅读材料
Week 3 Reading10分钟
Project 210分钟
Quiz2 个练习
BadStore quiz18分钟
Week 3 quiz32分钟
Week
4
Clock
完成时间为 3 小时

SECURE SOFTWARE DEVELOPMENT

Designing and Building Secure Software...
Reading
10 个视频(共 130 分钟), 1 个阅读材料, 1 个测验
Video10 个视频
Threat Modeling, or Architectural Risk Analysis9分钟
Security Requirements13分钟
Avoiding Flaws with Principles8分钟
Design Category: Favor Simplicity10分钟
Design Category: Trust With Reluctance12分钟
Design Category: Defense in Depth, Monitoring/Traceability5分钟
Top Design Flaws9分钟
Case Study: Very Secure FTP daemon12分钟
Interview with Gary McGraw40分钟
Reading1 个阅读材料
Week 4 Reading10分钟
Quiz1 个练习
Week 4 quiz32分钟
4.6
Direction Signs

25%

完成这些课程后已开始新的职业生涯
Briefcase

83%

通过此课程获得实实在在的工作福利
Money

18%

加薪或升职

热门审阅

创建者 PRNov 20th 2016

Content is really valuable and actionable with a specific comeback for the student in terms of secure development, security and how to understand the origin of exploits and other cyber attacks

创建者 DTMay 9th 2016

The course of this kind was extremely needed, still in it's current state it contains lots of inaccuracies in lectures and quizes. I hope they will be fixed up to the future sessions.

讲师

Michael Hicks

Professor
Department of Computer Science

关于 University of Maryland, College Park

The University of Maryland is the state's flagship university and one of the nation's preeminent public research universities. A global leader in research, entrepreneurship and innovation, the university is home to more than 37,000 students, 9,000 faculty and staff, and 250 academic programs. Its faculty includes three Nobel laureates, three Pulitzer Prize winners, 47 members of the national academies and scores of Fulbright scholars. The institution has a $1.8 billion operating budget, secures $500 million annually in external research funding and recently completed a $1 billion fundraising campaign. ...

关于 Cybersecurity 专项课程

The Cybersecurity Specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. These concepts are illustrated with examples drawn from modern practice, and augmented with hands-on exercises involving relevant tools and techniques. Successful participants will develop a way of thinking that is security-oriented, better understanding how to think about adversaries and how to build systems that defend against them....
Cybersecurity

常见问题

  • Once you enroll for a Certificate, you’ll have access to all videos, quizzes, and programming assignments (if applicable). Peer review assignments can only be submitted and reviewed once your session has begun. If you choose to explore the course without purchasing, you may not be able to access certain assignments.

  • When you enroll in the course, you get access to all of the courses in the Specialization, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile. If you only want to read and view the course content, you can audit the course for free.

还有其他问题吗?请访问 学生帮助中心