This course we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them -- such as buffer overflows, SQL injection, and session hijacking -- and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. Importantly, we take a "build security in" mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems. Successful learners in this course typically have completed sophomore/junior-level undergraduate work in a technical field, have some familiarity with programming, ideally in C/C++ and one other "managed" program language (like ML or Java), and have prior exposure to algorithms. Students not familiar with these languages but with others can improve their skills through online web tutorials.
教學大綱 - 您將從這門課程中學到什麼
週
1完成時間為 2 小時
OVERVIEW
Overview and expectations of the course
3 個視頻 (總計 26 分鐘), 4 個閱讀材料, 1 個測驗
3 個視頻
What is software security?7分鐘
Tour of the course and expected background11分鐘
4 個閱讀材料
Introductory Reading10分鐘
Syllabus10分鐘
FAQ and Errata10分鐘
Glossary10分鐘
1 個練習
Qualifying Quiz30分鐘
完成時間為 2 小時
LOW-LEVEL SECURITY
Low-level security: Attacks and exploits
6 個視頻 (總計 50 分鐘), 2 個閱讀材料, 2 個測驗
6 個視頻
Memory Layout11分鐘
Buffer Overflow6分鐘
Code Injection6分鐘
Other Memory Exploits11分鐘
Format String Vulnerabilities6分鐘
2 個閱讀材料
Week 1 Reading10分鐘
Project 110分鐘
2 個練習
Week 1 quiz30分鐘
VM BOF quiz24分鐘
週
2完成時間為 2 小時
DEFENDING AGAINST LOW-LEVEL EXPLOITS
Defending against low-level exploits
7 個視頻 (總計 79 分鐘), 1 個閱讀材料, 1 個測驗
7 個視頻
Memory Safety16分鐘
Type Safety4分鐘
Avoiding Exploitation9分鐘
Return Oriented Programming - ROP11分鐘
Control Flow Integrity14分鐘
Secure Coding18分鐘
1 個閱讀材料
Week 2 Reading10分鐘
1 個練習
Week 2 quiz30分鐘
週
3完成時間為 3 小時
WEB SECURITY
Web security: Attacks and defenses
10 個視頻 (總計 101 分鐘), 2 個閱讀材料, 2 個測驗
10 個視頻
Web Basics10分鐘
SQL Injection10分鐘
SQL Injection Countermeasures9分鐘
Web-based State Using Hidden Fields and Cookies13分鐘
Session Hijacking6分鐘
Cross-site Request Forgery - CSRF6分鐘
Web 2.05分鐘
Cross-site Scripting13分鐘
Interview with Kevin Haley21分鐘
2 個閱讀材料
Week 3 Reading10分鐘
Project 210分鐘
2 個練習
BadStore quiz18分鐘
Week 3 quiz32分鐘
週
4完成時間為 3 小時
SECURE SOFTWARE DEVELOPMENT
Designing and Building Secure Software
10 個視頻 (總計 130 分鐘), 1 個閱讀材料, 1 個測驗
10 個視頻
Threat Modeling, or Architectural Risk Analysis9分鐘
Security Requirements13分鐘
Avoiding Flaws with Principles8分鐘
Design Category: Favor Simplicity10分鐘
Design Category: Trust With Reluctance12分鐘
Design Category: Defense in Depth, Monitoring/Traceability5分鐘
Top Design Flaws9分鐘
Case Study: Very Secure FTP daemon12分鐘
Interview with Gary McGraw40分鐘
1 個閱讀材料
Week 4 Reading10分鐘
1 個練習
Week 4 quiz32分鐘
週
5完成時間為 3 小時
PROGRAM ANALYSIS
Static Program Analysis
13 個視頻 (總計 142 分鐘), 2 個閱讀材料, 2 個測驗
13 個視頻
Static Analysis: Introduction part 28分鐘
Flow Analysis8分鐘
Flow Analysis: Adding Sensitivity8分鐘
Context Sensitive Analysis8分鐘
Flow Analysis: Scaling it up to a Complete Language and Problem Set11分鐘
Challenges and Variations8分鐘
Introducing Symbolic Execution10分鐘
Symbolic Execution: A Little History3分鐘
Basic Symbolic Execution14分鐘
Symbolic Execution as Search, and the Rise of Solvers12分鐘
Symbolic Execution Systems8分鐘
Interview with Andy Chou32分鐘
2 個閱讀材料
Week 5 Reading10分鐘
Project 310分鐘
2 個練習
Project 3 quiz16分鐘
Week 5 quiz28分鐘
週
6完成時間為 2 小時
PEN TESTING
Penetration and Fuzz Testing
5 個視頻 (總計 107 分鐘), 1 個閱讀材料, 1 個測驗
5 個視頻
Pen Testing14分鐘
Fuzzing15分鐘
Interview with Eric Eames31分鐘
Interview with Patrice Godefroid35分鐘
1 個閱讀材料
Week 6 Reading10分鐘
1 個練習
Week 6 quiz24分鐘
4.6
180 個審閱33%
完成這些課程後已開始新的職業生涯
27%
通過此課程獲得實實在在的工作福利
17%
加薪或升職
熱門審閱
Content is really valuable and actionable with a specific comeback for the student in terms of secure development, security and how to understand the origin of exploits and other cyber attacks
The course of this kind was extremely needed, still in it's current state it contains lots of inaccuracies in lectures and quizes. I hope they will be fixed up to the future sessions.
講師
Michael Hicks
ProfessorDepartment of Computer Science
關於 马里兰大学帕克分校
The University of Maryland is the state's flagship university and one of the nation's preeminent public research universities. A global leader in research, entrepreneurship and innovation, the university is home to more than 37,000 students, 9,000 faculty and staff, and 250 academic programs. Its faculty includes three Nobel laureates, three Pulitzer Prize winners, 47 members of the national academies and scores of Fulbright scholars. The institution has a $1.8 billion operating budget, secures $500 million annually in external research funding and recently completed a $1 billion fundraising campaign.
關於 网络安全 專項課程
The Cybersecurity Specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. These concepts are illustrated with examples drawn from modern practice, and augmented with hands-on exercises involving relevant tools and techniques. Successful participants will develop a way of thinking that is security-oriented, better understanding how to think about adversaries and how to build systems that defend against them.
常見問題
我什么时候能够访问课程视频和作业?
注册以便获得证书后,您将有权访问所有视频、测验和编程作业(如果适用)。只有在您的班次开课之后,才可以提交和审阅同学互评作业。如果您选择在不购买的情况下浏览课程,可能无法访问某些作业。
我订阅此专项课程后会得到什么?
您注册课程后,将有权访问专项课程中的所有课程,并且会在完成课程后获得证书。您的电子课程证书将添加到您的成就页中,您可以通过该页打印您的课程证书或将其添加到您的领英档案中。如果您只想阅读和查看课程内容,可以免费旁听课程。
退款政策是如何规定的?
有助学金吗?
還有其他問題嗎?請訪問 學生幫助中心。
