关于此课程: This course we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them -- such as buffer overflows, SQL injection, and session hijacking -- and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. Importantly, we take a "build security in" mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems. Successful learners in this course typically have completed sophomore/junior-level undergraduate work in a technical field, have some familiarity with programming, ideally in C/C++ and one other "managed" program language (like ML or Java), and have prior exposure to algorithms. Students not familiar with these languages but with others can improve their skills through online web tutorials.
制作方: 马里兰大学帕克分校
教学方: Michael Hicks, Professor
Department of Computer Science
| 基本信息 | 课程 2(共 5 门,Cybersecurity Specialization ) |
| 承诺学习时间 | 6 weeks of study, 3-5 hours/week |
| 语言 | English, 字幕: Korean |
| 如何通过 | 通过所有计分作业以完成课程。 |
| 用户评分 |
授课大纲
第 1 周
OVERVIEW
Overview and expectations of the course
3 视频, 4 阅读材料, 1 练习测试
- Lecture: Introductory Reading
- Lecture: Syllabus
- 视频: Introducing Computer Security
- 视频: What is software security?
- 视频: Tour of the course and expected background
- Quiz pour s'exercer: Qualifying Quiz
- Lecture: FAQ and Errata
- Lecture: Glossary
LOW-LEVEL SECURITY
Low-level security: Attacks and exploits
6 视频, 2 阅读材料
- Lecture: Week 1 Reading
- 视频: Low Level Security: Introduction
- 视频: Memory Layout
- 视频: Buffer Overflow
- 视频: Code Injection
- 视频: Other Memory Exploits
- 视频: Format String Vulnerabilities
- Lecture: Project 1
已评分: Week 1 quiz
已评分: VM BOF quiz
第 2 周
DEFENDING AGAINST LOW-LEVEL EXPLOITS
Defending against low-level exploits
7 视频, 1 阅读材料
- Lecture: Week 2 Reading
- 视频: Defenses Against Low-Level Attacks: Introduction
- 视频: Memory Safety
- 视频: Type Safety
- 视频: Avoiding Exploitation
- 视频: Return Oriented Programming - ROP
- 视频: Control Flow Integrity
- 视频: Secure Coding
已评分: Week 2 quiz
第 3 周
WEB SECURITY
Web security: Attacks and defenses
10 视频, 2 阅读材料
- Lecture: Week 3 Reading
- 视频: Security for the Web: Introduction
- 视频: Web Basics
- 视频: SQL Injection
- 视频: SQL Injection Countermeasures
- 视频: Web-based State Using Hidden Fields and Cookies
- 视频: Session Hijacking
- 视频: Cross-site Request Forgery - CSRF
- 视频: Web 2.0
- 视频: Cross-site Scripting
- 视频: Interview with Kevin Haley
- Lecture: Project 2
已评分: BadStore quiz
已评分: Week 3 quiz
第 4 周
SECURE SOFTWARE DEVELOPMENT
Designing and Building Secure Software
10 视频, 1 阅读材料
- Lecture: Week 4 Reading
- 视频: Designing and Building Secure Software: Introduction
- 视频: Threat Modeling, or Architectural Risk Analysis
- 视频: Security Requirements
- 视频: Avoiding Flaws with Principles
- 视频: Design Category: Favor Simplicity
- 视频: Design Category: Trust With Reluctance
- 视频: Design Category: Defense in Depth, Monitoring/Traceability
- 视频: Top Design Flaws
- 视频: Case Study: Very Secure FTP daemon
- 视频: Interview with Gary McGraw
已评分: Week 4 quiz
第 5 周
PROGRAM ANALYSIS
Static Program Analysis
13 视频, 2 阅读材料
- Lecture: Week 5 Reading
- 视频: Static Analysis: Introduction part 1
- 视频: Static Analysis: Introduction part 2
- 视频: Flow Analysis
- 视频: Flow Analysis: Adding Sensitivity
- 视频: Context Sensitive Analysis
- 视频: Flow Analysis: Scaling it up to a Complete Language and Problem Set
- 视频: Challenges and Variations
- 视频: Introducing Symbolic Execution
- 视频: Symbolic Execution: A Little History
- 视频: Basic Symbolic Execution
- 视频: Symbolic Execution as Search, and the Rise of Solvers
- 视频: Symbolic Execution Systems
- 视频: Interview with Andy Chou
- Lecture: Project 3
已评分: Project 3 quiz
已评分: Week 5 quiz
第 6 周
PEN TESTING
Penetration and Fuzz Testing
5 视频, 1 阅读材料
- Lecture: Week 6 Reading
- 视频: Penetration Testing: Introduction
- 视频: Pen Testing
- 视频: Fuzzing
- 视频: Interview with Eric Eames
- 视频: Interview with Patrice Godefroid
已评分: Week 6 quiz
常见问题解答
运作方式
Travail en cours
Chaque cours fonctionne comme un manuel interactif en proposant des vidéos préenregistrées, des quiz et des projets.
Aide de la part de vos pairs
Connectez-vous à des milliers d'autres étudiants et débattez sur des idées, discutez le contenu du cours et obtenez de l'aide pour en maîtriser les concepts.
Certificats
Obtenez une reconnaissance officielle pour votre travail et partagez votre réussite avec vos amis, vos collègues et vos employeurs.
制作方
马里兰大学帕克分校
The University of Maryland is the state's flagship university and one of the nation's preeminent public research universities. A global leader in research, entrepreneurship and innovation, the university is home to more than 37,000 students, 9,000 faculty and staff, and 250 academic programs. Its faculty includes three Nobel laureates, three Pulitzer Prize winners, 47 members of the national academies and scores of Fulbright scholars. The institution has a $1.8 billion operating budget, secures $500 million annually in external research funding and recently completed a $1 billion fundraising campaign.
价格
| 购买课程 | |
|---|---|
| 访问课程材料 | 可用 |
| 访问评分的材料 | 可用 |
| 收到最终成绩 | 可用 |
| 获得可共享的课程证书 | 可用 |
评分和审阅
Es un gran curso que aporta valioso conocimiento para el desarrollo de software seguro.
Good course with wide range of important topics. I can recommend this course as introduction before further specialization. (low-level programming, sw testing, web security)
Good!
Excellent content coverage.