This course we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them -- such as buffer overflows, SQL injection, and session hijacking -- and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. Importantly, we take a "build security in" mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems. Successful learners in this course typically have completed sophomore/junior-level undergraduate work in a technical field, have some familiarity with programming, ideally in C/C++ and one other "managed" program language (like ML or Java), and have prior exposure to algorithms. Students not familiar with these languages but with others can improve their skills through online web tutorials.
教学大纲 - 您将从这门课程中学到什么
周
1完成时间为 2 小时
OVERVIEW
Overview and expectations of the course
3 个视频 (总计 26 分钟), 4 个阅读材料, 1 个测验
3 个视频
What is software security?7分钟
Tour of the course and expected background11分钟
4 个阅读材料
Introductory Reading10分钟
Syllabus10分钟
FAQ and Errata10分钟
Glossary10分钟
1 个练习
Qualifying Quiz30分钟
完成时间为 2 小时
LOW-LEVEL SECURITY
Low-level security: Attacks and exploits
6 个视频 (总计 50 分钟), 2 个阅读材料, 2 个测验
6 个视频
Memory Layout11分钟
Buffer Overflow6分钟
Code Injection6分钟
Other Memory Exploits11分钟
Format String Vulnerabilities6分钟
2 个阅读材料
Week 1 Reading10分钟
Project 110分钟
2 个练习
Week 1 quiz30分钟
VM BOF quiz24分钟
周
2完成时间为 2 小时
DEFENDING AGAINST LOW-LEVEL EXPLOITS
Defending against low-level exploits
7 个视频 (总计 79 分钟), 1 个阅读材料, 1 个测验
7 个视频
Memory Safety16分钟
Type Safety4分钟
Avoiding Exploitation9分钟
Return Oriented Programming - ROP11分钟
Control Flow Integrity14分钟
Secure Coding18分钟
1 个阅读材料
Week 2 Reading10分钟
1 个练习
Week 2 quiz30分钟
周
3完成时间为 3 小时
WEB SECURITY
Web security: Attacks and defenses
10 个视频 (总计 101 分钟), 2 个阅读材料, 2 个测验
10 个视频
Web Basics10分钟
SQL Injection10分钟
SQL Injection Countermeasures9分钟
Web-based State Using Hidden Fields and Cookies13分钟
Session Hijacking6分钟
Cross-site Request Forgery - CSRF6分钟
Web 2.05分钟
Cross-site Scripting13分钟
Interview with Kevin Haley21分钟
2 个阅读材料
Week 3 Reading10分钟
Project 210分钟
2 个练习
BadStore quiz18分钟
Week 3 quiz32分钟
周
4完成时间为 3 小时
SECURE SOFTWARE DEVELOPMENT
Designing and Building Secure Software
10 个视频 (总计 130 分钟), 1 个阅读材料, 1 个测验
10 个视频
Threat Modeling, or Architectural Risk Analysis9分钟
Security Requirements13分钟
Avoiding Flaws with Principles8分钟
Design Category: Favor Simplicity10分钟
Design Category: Trust With Reluctance12分钟
Design Category: Defense in Depth, Monitoring/Traceability5分钟
Top Design Flaws9分钟
Case Study: Very Secure FTP daemon12分钟
Interview with Gary McGraw40分钟
1 个阅读材料
Week 4 Reading10分钟
1 个练习
Week 4 quiz32分钟
4.6
180 个审阅33%
完成这些课程后已开始新的职业生涯
27%
通过此课程获得实实在在的工作福利
17%
加薪或升职
热门审阅
Content is really valuable and actionable with a specific comeback for the student in terms of secure development, security and how to understand the origin of exploits and other cyber attacks
The course of this kind was extremely needed, still in it's current state it contains lots of inaccuracies in lectures and quizes. I hope they will be fixed up to the future sessions.
讲师
Michael Hicks
ProfessorDepartment of Computer Science
关于 马里兰大学帕克分校
The University of Maryland is the state's flagship university and one of the nation's preeminent public research universities. A global leader in research, entrepreneurship and innovation, the university is home to more than 37,000 students, 9,000 faculty and staff, and 250 academic programs. Its faculty includes three Nobel laureates, three Pulitzer Prize winners, 47 members of the national academies and scores of Fulbright scholars. The institution has a $1.8 billion operating budget, secures $500 million annually in external research funding and recently completed a $1 billion fundraising campaign.
关于 网络安全 专项课程
The Cybersecurity Specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. These concepts are illustrated with examples drawn from modern practice, and augmented with hands-on exercises involving relevant tools and techniques. Successful participants will develop a way of thinking that is security-oriented, better understanding how to think about adversaries and how to build systems that defend against them.
常见问题
我什么时候能够访问课程视频和作业?
注册以便获得证书后,您将有权访问所有视频、测验和编程作业(如果适用)。只有在您的班次开课之后,才可以提交和审阅同学互评作业。如果您选择在不购买的情况下浏览课程,可能无法访问某些作业。
我订阅此专项课程后会得到什么?
您注册课程后,将有权访问专项课程中的所有课程,并且会在完成课程后获得证书。您的电子课程证书将添加到您的成就页中,您可以通过该页打印您的课程证书或将其添加到您的领英档案中。如果您只想阅读和查看课程内容,可以免费旁听课程。
退款政策是如何规定的?
有助学金吗?
还有其他问题吗?请访问 学生帮助中心。
