關於此課程:This course we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them -- such as buffer overflows, SQL injection, and session hijacking -- and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. Importantly, we take a "build security in" mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems. Successful learners in this course typically have completed sophomore/junior-level undergraduate work in a technical field, have some familiarity with programming, ideally in C/C++ and one other "managed" program language (like ML or Java), and have prior exposure to algorithms. Students not familiar with these languages but with others can improve their skills through online web tutorials.
製作方: University of Maryland, College Park
教學方: Michael Hicks, Professor
Department of Computer Science
| 基本信息 | 課程 2(共 5 門,Cybersecurity Specialization ) |
| 承諾學習時間 | 6 weeks of study, 3-5 hours/week |
| 語言 | English, 字幕:Korean |
| 如何通過 | 通過所有計分作業以完成課程。 |
| 用戶評分 |
授課大綱
第 1 週
OVERVIEW
Overview and expectations of the course
3 個視頻, 4 個閱讀材料, 1 個練習測驗
- Reading: Introductory Reading
- Reading: Syllabus
- 視頻: What is software security?
- 視頻: Tour of the course and expected background
- Practice Quiz: Qualifying Quiz
- Reading: FAQ and Errata
- Reading: Glossary
LOW-LEVEL SECURITY
Low-level security: Attacks and exploits
6 個視頻, 2 個閱讀材料
- Reading: Week 1 Reading
- 視頻: Memory Layout
- 視頻: Buffer Overflow
- 視頻: Code Injection
- 視頻: Other Memory Exploits
- 視頻: Format String Vulnerabilities
- Reading: Project 1
已評分: Week 1 quiz
已評分: VM BOF quiz
第 2 週
DEFENDING AGAINST LOW-LEVEL EXPLOITS
Defending against low-level exploits
7 個視頻, 1 個閱讀材料
- Reading: Week 2 Reading
- 視頻: Memory Safety
- 視頻: Type Safety
- 視頻: Avoiding Exploitation
- 視頻: Return Oriented Programming - ROP
- 視頻: Control Flow Integrity
- 視頻: Secure Coding
已評分: Week 2 quiz
第 3 週
WEB SECURITY
Web security: Attacks and defenses
10 個視頻, 2 個閱讀材料
- Reading: Week 3 Reading
- 視頻: Web Basics
- 視頻: SQL Injection
- 視頻: SQL Injection Countermeasures
- 視頻: Web-based State Using Hidden Fields and Cookies
- 視頻: Session Hijacking
- 視頻: Cross-site Request Forgery - CSRF
- 視頻: Web 2.0
- 視頻: Cross-site Scripting
- 視頻: Interview with Kevin Haley
- Reading: Project 2
已評分: BadStore quiz
已評分: Week 3 quiz
第 4 週
SECURE SOFTWARE DEVELOPMENT
Designing and Building Secure Software
10 個視頻, 1 個閱讀材料
- Reading: Week 4 Reading
- 視頻: Threat Modeling, or Architectural Risk Analysis
- 視頻: Security Requirements
- 視頻: Avoiding Flaws with Principles
- 視頻: Design Category: Favor Simplicity
- 視頻: Design Category: Trust With Reluctance
- 視頻: Design Category: Defense in Depth, Monitoring/Traceability
- 視頻: Top Design Flaws
- 視頻: Case Study: Very Secure FTP daemon
- 視頻: Interview with Gary McGraw
已評分: Week 4 quiz
第 5 週
PROGRAM ANALYSIS
Static Program Analysis
13 個視頻, 2 個閱讀材料
- Reading: Week 5 Reading
- 視頻: Static Analysis: Introduction part 2
- 視頻: Flow Analysis
- 視頻: Flow Analysis: Adding Sensitivity
- 視頻: Context Sensitive Analysis
- 視頻: Flow Analysis: Scaling it up to a Complete Language and Problem Set
- 視頻: Challenges and Variations
- 視頻: Introducing Symbolic Execution
- 視頻: Symbolic Execution: A Little History
- 視頻: Basic Symbolic Execution
- 視頻: Symbolic Execution as Search, and the Rise of Solvers
- 視頻: Symbolic Execution Systems
- 視頻: Interview with Andy Chou
- Reading: Project 3
已評分: Project 3 quiz
已評分: Week 5 quiz
第 6 週
PEN TESTING
Penetration and Fuzz Testing
5 個視頻, 1 個閱讀材料
- Reading: Week 6 Reading
- 視頻: Pen Testing
- 視頻: Fuzzing
- 視頻: Interview with Eric Eames
- 視頻: Interview with Patrice Godefroid
已評分: Week 6 quiz
常見問題解答
運作方式
Coursework
Each course is like an interactive textbook, featuring pre-recorded videos, quizzes and projects.
Help from Your Peers
Connect with thousands of other learners and debate ideas, discuss course material, and get help mastering concepts.
Certificates
Earn official recognition for your work, and share your success with friends, colleagues, and employers.
製作方
University of Maryland, College Park
The University of Maryland is the state's flagship university and one of the nation's preeminent public research universities. A global leader in research, entrepreneurship and innovation, the university is home to more than 37,000 students, 9,000 faculty and staff, and 250 academic programs. Its faculty includes three Nobel laureates, three Pulitzer Prize winners, 47 members of the national academies and scores of Fulbright scholars. The institution has a $1.8 billion operating budget, secures $500 million annually in external research funding and recently completed a $1 billion fundraising campaign.
價格
| 購買課程 | |
|---|---|
| 訪問課程材料 | 可用 |
| 訪問評分的材料 | 可用 |
| 收到最終成績 | 可用 |
| 獲得可共享的課程證書 | 可用 |
評分和審閱
Excellent. Was able to review the course and catch up my peers in a security course.
It's a great a course but if there any lab practice like CTF will be great
It has been a challenge studying this course. I definitely learned a lot
h
The course is impressively well-structured and organised. When I came to know about MIT's OCW's Computer Security course, I was eagerly hoping it gets included in as a Mooc. After taking this course, I believe it's on the same par.
Software Security is intended for a more advanced audience compared to usable security. Mainly, those who have some modest experience with programming and are aiming to apply security designs and implementations to their code. Moreover, it gives you a good idea, backed up with labs, about security in domains like web application, low-level systems, penetration testing, etc, good enough for someone to choose which one to pursue a career in.