學生對 马里兰大学帕克分校 提供的 软件安全 的評價和反饋

This is a tough course. Tough because I had no experience in C or C++. My background is dot-net and visual basic. It's been study C++ 5 hours a day and take the course 2 hours a day. I made it. The professor is spot on when he says a C++ background is needed. But I made it.

If you have the required background you'll find it's a good basis for understanding the multiple vulnerabilities in this code, what they are and how they work. (You better understand stacks and heaps and pointers real well)

Worth the time and the effort. Cheers to University if Maryland for making it available and to Professor Hicks for his hard work.

Thank you for an insightful look at the world of software security. If I were to make a suggestion it would be to include a refresher module about programming in C. I find it odd that the syllabus wouldn't include some basics on C (while assuming the student is fluid with C) and yet, the course had a couple of modules to explain the most basic of web functionalities like server and client paradigm. I think some students of this course have that kind of knowledge mastered, and would have liked a refreshment for C to have an easier time in the earlier weeks.

Learnt a lot. Quite a lot of background required esp. if you've never debugged/analyzed memory locations/ of C programs before. I'm a web developer and write php in my day to day, with a little experience in C++. Being able to read C code wasn't too much of a problem. Very hard, however, was figuring out how to use gdb properly to analyze/ debug -- to calculate the distance between two memory locations, for example. That wasn't something I cared to anguish over.

I personally enjoyed the course. It covers number of topics in software security. Although I find this course pretty easy (read basic), I can understand that the goal of the course is to introduce and focus security in the software development process itself, hence it is brief. I would have liked if more "practical" work was there in the course. I liked all the assignments as well as projects, few of them were really good.

Very good course. Very good introduction to some interesting concepts in software security. Well explained. Maybe introduce more practical exercises. They could also include references to places where you can practice the concepts learned. For example repositories as vulnhub and others are sites where you can put into practice exercises. It however is a course that is very well explained ...

Described security issues are very practical & real. Material built in a structured and logical way. Very interesting interviews with the Expert from the certain security areas that gives oppertunity to see how it works from inside. Had some issues with the Projects passing due to the way how questions built - it took more time to understood questions then to find a response on it.

Good foundations, feels a bit dated though as the Web Security sections seem more focused on vulnerabilities more common in PHP/pre-Web 2.0 & the rise of modern frameworks such as Ruby on Rails, which is surprising for a series that came out in 2014. Still essential knowledge though for software security 101.

Excellent informative course. I specially find week 3-6 more interesting and relatable to my work. Week 1 - 2 are also informative but are heavily depends on C programming language. The projects are mildly challenging but are bit outdated, uses Virtual Box and stuff. I hope they update them with Docker.

I wanna thank Dr Michael but in fact the course wants some editing. First you should write the prerequisite courses for it also a link for each one would be generous. Second we should have more practical exercise done by the instructors live to explain more.. Thank you

This course is totally recommended for developers and architects no matter the programming language you use.

In my opinion, the only thing that I missed was a project for the penetration testing week.

Contents are very well teached and the interviews were awesome.

The course was taught well and contained very interesting and relevant content. However, an increase of projects would be beneficial as I feel just spitting out facts learned from the videos doesn't really make the information stick in a meaningful way.

Some parts of the course were more advanced (Program Analysis), while some briefly touched the topic (Penetration Testing). Web Application Security was almost there, while Low Level Security was just right!

Keep up the good work, recommended +++++

Solid course in software security. Really clear explanation of looking under the covers of how buffer overflows work. However, the virtual machines are four years out of date and getting them running for the labs were a major pain.

I really enjoyed the hands-on C exploit labs. That deserves a six week course on its own. The rest of the material provides a good introduction to tooling and general concepts. I feel like it is two different courses, in a way.

Great Course!!! Awesome course material.

It would be of great help if there could be video on setting up the projects for quiz.

As lot of people may from from non linux background and may have not in touch with c language.

Great Course. I like that it offered the interviews at the end of each lesson. I didn't know anything about the style of fuzzing or pen testing prior to taking this course. I need to delve into the learning hands

Enjoyed the course, would have liked to have in video questions for all videos. I think they stopped after week 4 . I would also have liked to see more projects or more depth to the last project.

The course is great but it would be better to have it over 8 weeks to diffuse the amount of valuable information in Week 5. Also, charts should be numbered for easier references in discussions.

Although it was very interesting and enlightening course and the content of the course was excellent, I would like to point out that the learning technique used was a bit monotonous.

Super focused on C but useful. It's hard to do the first couple of weeks without C experience, the rest of the course is super interesting so totally recommended.

very nice course, covering the most essential topics related to software security. For the curios students, it should provide a good start to dive deep!

The course overall is very good, I hope to have a more specialized course in C/C++ languages with more practices, as I work more with embedded systems/C

Could have gone more deeper in some of the topics which were covered at very high level. Overall a good introduction to the subject matter.

Nice course. One remark, it is necessary to review version compatibility of mentioned virtualbox against today OS versions, mainly macOSX.

Awesome! It would have been nicer to go deeper into the practical, pen testing part, but I enjoyed this course anyway.