關於此課程:This course we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them -- such as buffer overflows, SQL injection, and session hijacking -- and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. Importantly, we take a "build security in" mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems. Successful learners in this course typically have completed sophomore/junior-level undergraduate work in a technical field, have some familiarity with programming, ideally in C/C++ and one other "managed" program language (like ML or Java), and have prior exposure to algorithms. Students not familiar with these languages but with others can improve their skills through online web tutorials.
教學方: Michael Hicks, Professor
Department of Computer Science
| 基本信息 | 課程 2(共 5 門,Cybersecurity Specialization ) |
| 承諾學習時間 | 6 weeks of study, 3-5 hours/week |
| 語言 | English, 字幕:Korean |
| 如何通過 | 通過所有計分作業以完成課程。 |
| 用戶評分 |
- Reading: Introductory Reading
- Reading: Syllabus
- 視頻: What is software security?
- 視頻: Tour of the course and expected background
- Practice Quiz: Qualifying Quiz
- Reading: FAQ and Errata
- Reading: Glossary
- Reading: Week 1 Reading
- 視頻: Memory Layout
- 視頻: Buffer Overflow
- 視頻: Code Injection
- 視頻: Other Memory Exploits
- 視頻: Format String Vulnerabilities
- Reading: Project 1
- Reading: Week 2 Reading
- 視頻: Memory Safety
- 視頻: Type Safety
- 視頻: Avoiding Exploitation
- 視頻: Return Oriented Programming - ROP
- 視頻: Control Flow Integrity
- 視頻: Secure Coding
- Reading: Week 3 Reading
- 視頻: Web Basics
- 視頻: SQL Injection
- 視頻: SQL Injection Countermeasures
- 視頻: Web-based State Using Hidden Fields and Cookies
- 視頻: Session Hijacking
- 視頻: Cross-site Request Forgery - CSRF
- 視頻: Web 2.0
- 視頻: Cross-site Scripting
- 視頻: Interview with Kevin Haley
- Reading: Project 2
- Reading: Week 4 Reading
- 視頻: Threat Modeling, or Architectural Risk Analysis
- 視頻: Security Requirements
- 視頻: Avoiding Flaws with Principles
- 視頻: Design Category: Favor Simplicity
- 視頻: Design Category: Trust With Reluctance
- 視頻: Design Category: Defense in Depth, Monitoring/Traceability
- 視頻: Top Design Flaws
- 視頻: Case Study: Very Secure FTP daemon
- 視頻: Interview with Gary McGraw
- Reading: Week 5 Reading
- 視頻: Static Analysis: Introduction part 2
- 視頻: Flow Analysis
- 視頻: Flow Analysis: Adding Sensitivity
- 視頻: Context Sensitive Analysis
- 視頻: Flow Analysis: Scaling it up to a Complete Language and Problem Set
- 視頻: Challenges and Variations
- 視頻: Introducing Symbolic Execution
- 視頻: Symbolic Execution: A Little History
- 視頻: Basic Symbolic Execution
- 視頻: Symbolic Execution as Search, and the Rise of Solvers
- 視頻: Symbolic Execution Systems
- 視頻: Interview with Andy Chou
- Reading: Project 3
- Reading: Week 6 Reading
- 視頻: Pen Testing
- 視頻: Fuzzing
- 視頻: Interview with Eric Eames
- 視頻: Interview with Patrice Godefroid
Each course is like an interactive textbook, featuring pre-recorded videos, quizzes and projects.
Connect with thousands of other learners and debate ideas, discuss course material, and get help mastering concepts.
Earn official recognition for your work, and share your success with friends, colleagues, and employers.
| 購買課程 | |
|---|---|
| 訪問課程材料 | 可用 |
| 訪問評分的材料 | 可用 |
| 收到最終成績 | 可用 |
| 獲得可共享的課程證書 | 可用 |
the course is Good but it needs a person has highly technical skills to study the concept of the course...
i really liked the course contains and the tutting, and it was actually very beneficial for me to develop my skills in software testing thank you again
Thank you for an insightful look at the world of software security. If I were to make a suggestion it would be to include a refresher module about programming in C. I find it odd that the syllabus wouldn't include some basics on C (while assuming the student is fluid with C) and yet, the course had a couple of modules to explain the most basic of web functionalities like server and client paradigm. I think some students of this course have that kind of knowledge mastered, and would have liked a refreshment for C to have an easier time in the earlier weeks.
CL
This is an excellent introductory course to cyber security! The projects are well designed with detail instructions.